 |
|
 |
|
| Files: |
1 |
|
Branches Taken: |
81.0% |
822 / 1015 |
| Generated: |
2010-02-10 01:31 |
|
Branches Executed: |
95.7% |
971 / 1015 |
| |
|
Line Coverage: |
90.8% |
986 / 1086 |
| |
 |
|
 |
1 : //===--- SemaChecking.cpp - Extra Semantic Checking -----------------------===//
2 : //
3 : // The LLVM Compiler Infrastructure
4 : //
5 : // This file is distributed under the University of Illinois Open Source
6 : // License. See LICENSE.TXT for details.
7 : //
8 : //===----------------------------------------------------------------------===//
9 : //
10 : // This file implements extra semantic analysis beyond what is enforced
11 : // by the C type system.
12 : //
13 : //===----------------------------------------------------------------------===//
14 :
15 : #include "Sema.h"
16 : #include "clang/Analysis/CFG.h"
17 : #include "clang/Analysis/AnalysisContext.h"
18 : #include "clang/Analysis/Analyses/PrintfFormatString.h"
19 : #include "clang/AST/ASTContext.h"
20 : #include "clang/AST/CharUnits.h"
21 : #include "clang/AST/DeclObjC.h"
22 : #include "clang/AST/ExprCXX.h"
23 : #include "clang/AST/ExprObjC.h"
24 : #include "clang/AST/DeclObjC.h"
25 : #include "clang/AST/StmtCXX.h"
26 : #include "clang/AST/StmtObjC.h"
27 : #include "clang/Lex/LiteralSupport.h"
28 : #include "clang/Lex/Preprocessor.h"
29 : #include "llvm/ADT/BitVector.h"
30 : #include "llvm/ADT/STLExtras.h"
31 : #include <limits>
32 : #include <queue>
33 : using namespace clang;
34 :
35 : /// getLocationOfStringLiteralByte - Return a source location that points to the
36 : /// specified byte of the specified string literal.
37 : ///
38 : /// Strings are amazingly complex. They can be formed from multiple tokens and
39 : /// can have escape sequences in them in addition to the usual trigraph and
40 : /// escaped newline business. This routine handles this complexity.
41 : ///
42 : SourceLocation Sema::getLocationOfStringLiteralByte(const StringLiteral *SL,
43 111: unsigned ByteNo) const {
111: branch 1 taken
0: branch 2 not taken
44 111: assert(!SL->isWide() && "This doesn't work for wide strings yet");
45 :
46 : // Loop over all of the tokens in this string until we find the one that
47 : // contains the byte we're looking for.
48 111: unsigned TokNo = 0;
4: branch 1 taken
111: branch 2 taken
4: branch 4 taken
111: branch 5 taken
4: branch 7 taken
111: branch 8 taken
49 115: while (1) {
115: branch 1 taken
0: branch 2 not taken
50 115: assert(TokNo < SL->getNumConcatenated() && "Invalid byte number!");
51 115: SourceLocation StrTokLoc = SL->getStrTokenLoc(TokNo);
52 :
53 : // Get the spelling of the string so that we can get the data that makes up
54 : // the string literal, not the identifier for the macro it is potentially
55 : // expanded through.
56 115: SourceLocation StrTokSpellingLoc = SourceMgr.getSpellingLoc(StrTokLoc);
57 :
58 : // Re-lex the token to get its length and original spelling.
59 : std::pair<FileID, unsigned> LocInfo =
60 115: SourceMgr.getDecomposedLoc(StrTokSpellingLoc);
61 : std::pair<const char *,const char *> Buffer =
62 115: SourceMgr.getBufferData(LocInfo.first);
63 115: const char *StrData = Buffer.first+LocInfo.second;
64 :
65 : // Create a langops struct and enable trigraphs. This is sufficient for
66 : // relexing tokens.
67 115: LangOptions LangOpts;
68 115: LangOpts.Trigraphs = true;
69 :
70 : // Create a lexer starting at the beginning of this token.
71 : Lexer TheLexer(StrTokSpellingLoc, LangOpts, Buffer.first, StrData,
72 115: Buffer.second);
73 115: Token TheTok;
74 115: TheLexer.LexFromRawLexer(TheTok);
75 :
76 : // Use the StringLiteralParser to compute the length of the string in bytes.
77 115: StringLiteralParser SLP(&TheTok, 1, PP);
78 115: unsigned TokNumBytes = SLP.GetStringLength();
79 :
80 : // If the byte is in this token, return the location of the byte.
4: branch 0 taken
111: branch 1 taken
0: branch 2 not taken
4: branch 3 taken
0: branch 5 not taken
0: branch 6 not taken
111: branch 7 taken
4: branch 8 taken
81 119: if (ByteNo < TokNumBytes ||
82 : (ByteNo == TokNumBytes && TokNo == SL->getNumConcatenated())) {
83 : unsigned Offset =
84 111: StringLiteralParser::getOffsetOfStringByte(TheTok, ByteNo, PP);
85 :
86 : // Now that we know the offset of the token in the spelling, use the
87 : // preprocessor to get the offset in the original source.
88 111: return PP.AdvanceToTokenCharacter(StrTokLoc, Offset);
89 : }
90 :
91 : // Move to the next string token.
92 4: ++TokNo;
93 4: ByteNo -= TokNumBytes;
94 : }
95 : }
96 :
97 : /// CheckablePrintfAttr - does a function call have a "printf" attribute
98 : /// and arguments that merit checking?
99 502: bool Sema::CheckablePrintfAttr(const FormatAttr *Format, CallExpr *TheCall) {
498: branch 2 taken
4: branch 3 taken
100 502: if (Format->getType() == "printf") return true;
4: branch 2 taken
0: branch 3 not taken
101 4: if (Format->getType() == "printf0") {
102 : // printf0 allows null "format" string; if so don't check format/args
103 4: unsigned format_idx = Format->getFormatIdx() - 1;
104 : // Does the index refer to the implicit object argument?
0: branch 1 not taken
4: branch 2 taken
105 4: if (isa<CXXMemberCallExpr>(TheCall)) {
0: branch 0 not taken
0: branch 1 not taken
106 0: if (format_idx == 0)
107 0: return false;
108 0: --format_idx;
109 : }
4: branch 1 taken
0: branch 2 not taken
110 4: if (format_idx < TheCall->getNumArgs()) {
111 4: Expr *Format = TheCall->getArg(format_idx)->IgnoreParenCasts();
0: branch 1 not taken
4: branch 2 taken
112 4: if (!Format->isNullPointerConstant(Context, Expr::NPC_ValueDependentIsNull))
113 0: return true;
114 : }
115 : }
116 4: return false;
117 : }
118 :
119 : Action::OwningExprResult
120 2278: Sema::CheckBuiltinFunctionCall(unsigned BuiltinID, CallExpr *TheCall) {
121 2278: OwningExprResult TheCallResult(Owned(TheCall));
122 :
55: branch 0 taken
40: branch 1 taken
14: branch 2 taken
9: branch 3 taken
8: branch 4 taken
2: branch 5 taken
100: branch 6 taken
14: branch 7 taken
53: branch 8 taken
0: branch 9 not taken
20: branch 10 taken
1963: branch 11 taken
123 2278: switch (BuiltinID) {
124 : case Builtin::BI__builtin___CFStringMakeConstantString:
125 : assert(TheCall->getNumArgs() == 1 &&
55: branch 1 taken
0: branch 2 not taken
126 55: "Wrong # arguments to builtin CFStringMakeConstantString");
1: branch 2 taken
54: branch 3 taken
127 55: if (CheckObjCString(TheCall->getArg(0)))
128 1: return ExprError();
129 54: break;
130 : case Builtin::BI__builtin_stdarg_start:
131 : case Builtin::BI__builtin_va_start:
8: branch 1 taken
32: branch 2 taken
132 40: if (SemaBuiltinVAStart(TheCall))
133 8: return ExprError();
134 32: break;
135 : case Builtin::BI__builtin_isgreater:
136 : case Builtin::BI__builtin_isgreaterequal:
137 : case Builtin::BI__builtin_isless:
138 : case Builtin::BI__builtin_islessequal:
139 : case Builtin::BI__builtin_islessgreater:
140 : case Builtin::BI__builtin_isunordered:
4: branch 1 taken
10: branch 2 taken
141 14: if (SemaBuiltinUnorderedCompare(TheCall))
142 4: return ExprError();
143 10: break;
144 : case Builtin::BI__builtin_isfinite:
145 : case Builtin::BI__builtin_isinf:
146 : case Builtin::BI__builtin_isinf_sign:
147 : case Builtin::BI__builtin_isnan:
148 : case Builtin::BI__builtin_isnormal:
3: branch 1 taken
6: branch 2 taken
149 9: if (SemaBuiltinUnaryFP(TheCall))
150 3: return ExprError();
151 6: break;
152 : case Builtin::BI__builtin_return_address:
153 : case Builtin::BI__builtin_frame_address:
2: branch 1 taken
6: branch 2 taken
154 8: if (SemaBuiltinStackAddress(TheCall))
155 2: return ExprError();
156 6: break;
157 : case Builtin::BI__builtin_eh_return_data_regno:
1: branch 1 taken
1: branch 2 taken
158 2: if (SemaBuiltinEHReturnDataRegNo(TheCall))
159 1: return ExprError();
160 1: break;
161 : case Builtin::BI__builtin_shufflevector:
162 100: return SemaBuiltinShuffleVector(TheCall);
163 : // TheCall will be freed by the smart pointer here, but that's fine, since
164 : // SemaBuiltinShuffleVector guts it, but then doesn't release it.
165 : case Builtin::BI__builtin_prefetch:
6: branch 1 taken
8: branch 2 taken
166 14: if (SemaBuiltinPrefetch(TheCall))
167 6: return ExprError();
168 8: break;
169 : case Builtin::BI__builtin_object_size:
4: branch 1 taken
49: branch 2 taken
170 53: if (SemaBuiltinObjectSize(TheCall))
171 4: return ExprError();
172 49: break;
173 : case Builtin::BI__builtin_longjmp:
0: branch 1 not taken
0: branch 2 not taken
174 0: if (SemaBuiltinLongjmp(TheCall))
175 0: return ExprError();
176 0: break;
177 : case Builtin::BI__sync_fetch_and_add:
178 : case Builtin::BI__sync_fetch_and_sub:
179 : case Builtin::BI__sync_fetch_and_or:
180 : case Builtin::BI__sync_fetch_and_and:
181 : case Builtin::BI__sync_fetch_and_xor:
182 : case Builtin::BI__sync_fetch_and_nand:
183 : case Builtin::BI__sync_add_and_fetch:
184 : case Builtin::BI__sync_sub_and_fetch:
185 : case Builtin::BI__sync_and_and_fetch:
186 : case Builtin::BI__sync_or_and_fetch:
187 : case Builtin::BI__sync_xor_and_fetch:
188 : case Builtin::BI__sync_nand_and_fetch:
189 : case Builtin::BI__sync_val_compare_and_swap:
190 : case Builtin::BI__sync_bool_compare_and_swap:
191 : case Builtin::BI__sync_lock_test_and_set:
192 : case Builtin::BI__sync_lock_release:
2: branch 1 taken
18: branch 2 taken
193 20: if (SemaBuiltinAtomicOverloaded(TheCall))
194 2: return ExprError();
195 : break;
196 : }
197 :
198 2147: return move(TheCallResult);
199 : }
200 :
201 : /// CheckFunctionCall - Check a direct function call for various correctness
202 : /// and safety properties not strictly enforced by the C type system.
203 6109: bool Sema::CheckFunctionCall(FunctionDecl *FDecl, CallExpr *TheCall) {
204 : // Get the IdentifierInfo* for the called function.
205 6109: IdentifierInfo *FnInfo = FDecl->getIdentifier();
206 :
207 : // None of the checks below are needed for functions that don't have
208 : // simple names (e.g., C++ conversion functions).
66: branch 0 taken
6043: branch 1 taken
209 6109: if (!FnInfo)
210 66: return false;
211 :
212 : // FIXME: This mechanism should be abstracted to be less fragile and
213 : // more efficient. For example, just map function ids to custom
214 : // handlers.
215 :
216 : // Printf checking.
500: branch 1 taken
5543: branch 2 taken
217 6043: if (const FormatAttr *Format = FDecl->getAttr<FormatAttr>()) {
496: branch 1 taken
4: branch 2 taken
218 500: if (CheckablePrintfAttr(Format, TheCall)) {
219 496: bool HasVAListArg = Format->getFirstArg() == 0;
480: branch 0 taken
16: branch 1 taken
220 496: if (!HasVAListArg) {
479: branch 0 taken
1: branch 1 taken
221 480: if (const FunctionProtoType *Proto
222 480: = FDecl->getType()->getAs<FunctionProtoType>())
223 479: HasVAListArg = !Proto->isVariadic();
224 : }
225 : CheckPrintfArguments(TheCall, HasVAListArg, Format->getFormatIdx() - 1,
16: branch 0 taken
480: branch 1 taken
226 496: HasVAListArg ? 0 : Format->getFirstArg() - 1);
227 : }
228 : }
229 :
46: branch 2 taken
6043: branch 3 taken
230 6089: for (const NonNullAttr *NonNull = FDecl->getAttr<NonNullAttr>(); NonNull;
231 : NonNull = NonNull->getNext<NonNullAttr>())
232 46: CheckNonNullArguments(NonNull, TheCall);
233 :
234 6043: return false;
235 : }
236 :
237 72: bool Sema::CheckBlockCall(NamedDecl *NDecl, CallExpr *TheCall) {
238 : // Printf checking.
239 72: const FormatAttr *Format = NDecl->getAttr<FormatAttr>();
70: branch 0 taken
2: branch 1 taken
240 72: if (!Format)
241 70: return false;
242 :
243 2: const VarDecl *V = dyn_cast<VarDecl>(NDecl);
0: branch 0 not taken
2: branch 1 taken
244 2: if (!V)
245 0: return false;
246 :
247 2: QualType Ty = V->getType();
0: branch 2 not taken
2: branch 3 taken
248 2: if (!Ty->isBlockPointerType())
249 0: return false;
250 :
0: branch 1 not taken
2: branch 2 taken
251 2: if (!CheckablePrintfAttr(Format, TheCall))
252 0: return false;
253 :
254 2: bool HasVAListArg = Format->getFirstArg() == 0;
2: branch 0 taken
0: branch 1 not taken
255 2: if (!HasVAListArg) {
256 : const FunctionType *FT =
257 2: Ty->getAs<BlockPointerType>()->getPointeeType()->getAs<FunctionType>();
2: branch 1 taken
0: branch 2 not taken
258 2: if (const FunctionProtoType *Proto = dyn_cast<FunctionProtoType>(FT))
259 2: HasVAListArg = !Proto->isVariadic();
260 : }
261 : CheckPrintfArguments(TheCall, HasVAListArg, Format->getFormatIdx() - 1,
0: branch 0 not taken
2: branch 1 taken
262 2: HasVAListArg ? 0 : Format->getFirstArg() - 1);
263 :
264 2: return false;
265 : }
266 :
267 : /// SemaBuiltinAtomicOverloaded - We have a call to a function like
268 : /// __sync_fetch_and_add, which is an overloaded function based on the pointer
269 : /// type of its first argument. The main ActOnCallExpr routines have already
270 : /// promoted the types of arguments because all of these calls are prototyped as
271 : /// void(...).
272 : ///
273 : /// This function goes through and does final semantic checking for these
274 : /// builtins,
275 20: bool Sema::SemaBuiltinAtomicOverloaded(CallExpr *TheCall) {
276 20: DeclRefExpr *DRE =cast<DeclRefExpr>(TheCall->getCallee()->IgnoreParenCasts());
277 20: FunctionDecl *FDecl = cast<FunctionDecl>(DRE->getDecl());
278 :
279 : // Ensure that we have at least one argument to do type inference from.
1: branch 1 taken
19: branch 2 taken
280 20: if (TheCall->getNumArgs() < 1)
281 : return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args)
282 1: << 0 << TheCall->getCallee()->getSourceRange();
283 :
284 : // Inspect the first argument of the atomic builtin. This should always be
285 : // a pointer type, whose element is an integral scalar or pointer type.
286 : // Because it is a pointer type, we don't have to worry about any implicit
287 : // casts here.
288 19: Expr *FirstArg = TheCall->getArg(0);
0: branch 3 not taken
19: branch 4 taken
289 19: if (!FirstArg->getType()->isPointerType())
290 : return Diag(DRE->getLocStart(), diag::err_atomic_builtin_must_be_pointer)
291 0: << FirstArg->getType() << FirstArg->getSourceRange();
292 :
293 19: QualType ValType = FirstArg->getType()->getAs<PointerType>()->getPointeeType();
2: branch 2 taken
17: branch 3 taken
0: branch 6 not taken
2: branch 7 taken
0: branch 10 not taken
0: branch 11 not taken
0: branch 12 not taken
19: branch 13 taken
294 19: if (!ValType->isIntegerType() && !ValType->isPointerType() &&
295 : !ValType->isBlockPointerType())
296 : return Diag(DRE->getLocStart(),
297 : diag::err_atomic_builtin_must_be_pointer_intptr)
298 0: << FirstArg->getType() << FirstArg->getSourceRange();
299 :
300 : // We need to figure out which concrete builtin this maps onto. For example,
301 : // __sync_fetch_and_add with a 2 byte object turns into
302 : // __sync_fetch_and_add_2.
303 : #define BUILTIN_ROW(x) \
304 : { Builtin::BI##x##_1, Builtin::BI##x##_2, Builtin::BI##x##_4, \
305 : Builtin::BI##x##_8, Builtin::BI##x##_16 }
306 :
307 : static const unsigned BuiltinIndices[][5] = {
308 : BUILTIN_ROW(__sync_fetch_and_add),
309 : BUILTIN_ROW(__sync_fetch_and_sub),
310 : BUILTIN_ROW(__sync_fetch_and_or),
311 : BUILTIN_ROW(__sync_fetch_and_and),
312 : BUILTIN_ROW(__sync_fetch_and_xor),
313 : BUILTIN_ROW(__sync_fetch_and_nand),
314 :
315 : BUILTIN_ROW(__sync_add_and_fetch),
316 : BUILTIN_ROW(__sync_sub_and_fetch),
317 : BUILTIN_ROW(__sync_and_and_fetch),
318 : BUILTIN_ROW(__sync_or_and_fetch),
319 : BUILTIN_ROW(__sync_xor_and_fetch),
320 : BUILTIN_ROW(__sync_nand_and_fetch),
321 :
322 : BUILTIN_ROW(__sync_val_compare_and_swap),
323 : BUILTIN_ROW(__sync_bool_compare_and_swap),
324 : BUILTIN_ROW(__sync_lock_test_and_set),
325 : BUILTIN_ROW(__sync_lock_release)
326 : };
327 : #undef BUILTIN_ROW
328 :
329 : // Determine the index of the size.
330 : unsigned SizeIndex;
5: branch 2 taken
0: branch 3 not taken
14: branch 4 taken
0: branch 5 not taken
0: branch 6 not taken
0: branch 7 not taken
331 19: switch (Context.getTypeSizeInChars(ValType).getQuantity()) {
332 5: case 1: SizeIndex = 0; break;
333 0: case 2: SizeIndex = 1; break;
334 14: case 4: SizeIndex = 2; break;
335 0: case 8: SizeIndex = 3; break;
336 0: case 16: SizeIndex = 4; break;
337 : default:
338 : return Diag(DRE->getLocStart(), diag::err_atomic_builtin_pointer_size)
339 0: << FirstArg->getType() << FirstArg->getSourceRange();
340 : }
341 :
342 : // Each of these builtins has one pointer argument, followed by some number of
343 : // values (0, 1 or 2) followed by a potentially empty varags list of stuff
344 : // that we ignore. Find out which row of BuiltinIndices to read from as well
345 : // as the number of fixed args.
346 19: unsigned BuiltinID = FDecl->getBuiltinID();
347 19: unsigned BuiltinIndex, NumFixed = 1;
0: branch 0 not taken
3: branch 1 taken
1: branch 2 taken
1: branch 3 taken
1: branch 4 taken
1: branch 5 taken
1: branch 6 taken
1: branch 7 taken
1: branch 8 taken
1: branch 9 taken
1: branch 10 taken
1: branch 11 taken
1: branch 12 taken
2: branch 13 taken
1: branch 14 taken
1: branch 15 taken
1: branch 16 taken
348 19: switch (BuiltinID) {
349 0: default: assert(0 && "Unknown overloaded atomic builtin!");
350 3: case Builtin::BI__sync_fetch_and_add: BuiltinIndex = 0; break;
351 1: case Builtin::BI__sync_fetch_and_sub: BuiltinIndex = 1; break;
352 1: case Builtin::BI__sync_fetch_and_or: BuiltinIndex = 2; break;
353 1: case Builtin::BI__sync_fetch_and_and: BuiltinIndex = 3; break;
354 1: case Builtin::BI__sync_fetch_and_xor: BuiltinIndex = 4; break;
355 1: case Builtin::BI__sync_fetch_and_nand:BuiltinIndex = 5; break;
356 :
357 1: case Builtin::BI__sync_add_and_fetch: BuiltinIndex = 6; break;
358 1: case Builtin::BI__sync_sub_and_fetch: BuiltinIndex = 7; break;
359 1: case Builtin::BI__sync_and_and_fetch: BuiltinIndex = 8; break;
360 1: case Builtin::BI__sync_or_and_fetch: BuiltinIndex = 9; break;
361 1: case Builtin::BI__sync_xor_and_fetch: BuiltinIndex =10; break;
362 1: case Builtin::BI__sync_nand_and_fetch:BuiltinIndex =11; break;
363 :
364 : case Builtin::BI__sync_val_compare_and_swap:
365 2: BuiltinIndex = 12;
366 2: NumFixed = 2;
367 2: break;
368 : case Builtin::BI__sync_bool_compare_and_swap:
369 1: BuiltinIndex = 13;
370 1: NumFixed = 2;
371 1: break;
372 1: case Builtin::BI__sync_lock_test_and_set: BuiltinIndex = 14; break;
373 : case Builtin::BI__sync_lock_release:
374 1: BuiltinIndex = 15;
375 1: NumFixed = 0;
376 : break;
377 : }
378 :
379 : // Now that we know how many fixed arguments we expect, first check that we
380 : // have at least that many.
1: branch 1 taken
18: branch 2 taken
381 19: if (TheCall->getNumArgs() < 1+NumFixed)
382 : return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args)
383 1: << 0 << TheCall->getCallee()->getSourceRange();
384 :
385 :
386 : // Get the decl for the concrete builtin from this, we can tell what the
387 : // concrete integer type we should convert to is.
388 18: unsigned NewBuiltinID = BuiltinIndices[BuiltinIndex][SizeIndex];
389 18: const char *NewBuiltinName = Context.BuiltinInfo.GetName(NewBuiltinID);
390 18: IdentifierInfo *NewBuiltinII = PP.getIdentifierInfo(NewBuiltinName);
391 : FunctionDecl *NewBuiltinDecl =
392 : cast<FunctionDecl>(LazilyCreateBuiltin(NewBuiltinII, NewBuiltinID,
393 18: TUScope, false, DRE->getLocStart()));
394 : const FunctionProtoType *BuiltinFT =
395 18: NewBuiltinDecl->getType()->getAs<FunctionProtoType>();
396 18: ValType = BuiltinFT->getArgType(0)->getAs<PointerType>()->getPointeeType();
397 :
398 : // If the first type needs to be converted (e.g. void** -> int*), do it now.
4: branch 3 taken
14: branch 4 taken
399 18: if (BuiltinFT->getArgType(0) != FirstArg->getType()) {
400 4: ImpCastExprToType(FirstArg, BuiltinFT->getArgType(0), CastExpr::CK_BitCast);
401 4: TheCall->setArg(0, FirstArg);
402 : }
403 :
404 : // Next, walk the valid ones promoting to the right type.
20: branch 0 taken
18: branch 1 taken
405 38: for (unsigned i = 0; i != NumFixed; ++i) {
406 20: Expr *Arg = TheCall->getArg(i+1);
407 :
408 : // If the argument is an implicit cast, then there was a promotion due to
409 : // "...", just remove it now.
0: branch 1 not taken
20: branch 2 taken
410 20: if (ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Arg)) {
411 0: Arg = ICE->getSubExpr();
412 0: ICE->setSubExpr(0);
413 0: ICE->Destroy(Context);
414 0: TheCall->setArg(i+1, Arg);
415 : }
416 :
417 : // GCC does an implicit conversion to the pointer or integer ValType. This
418 : // can fail in some cases (1i -> int**), check for this error case now.
419 20: CastExpr::CastKind Kind = CastExpr::CK_Unknown;
420 20: CXXMethodDecl *ConversionDecl = 0;
0: branch 2 not taken
20: branch 3 taken
421 20: if (CheckCastTypes(Arg->getSourceRange(), ValType, Arg, Kind,
422 : ConversionDecl))
423 0: return true;
424 :
425 : // Okay, we have something that *can* be converted to the right type. Check
426 : // to see if there is a potentially weird extension going on here. This can
427 : // happen when you do an atomic operation on something like an char* and
428 : // pass in 42. The 42 gets converted to char. This is even more strange
429 : // for things like 45.123 -> char, etc.
430 : // FIXME: Do this check.
431 20: ImpCastExprToType(Arg, ValType, Kind, /*isLvalue=*/false);
432 20: TheCall->setArg(i+1, Arg);
433 : }
434 :
435 : // Switch the DeclRefExpr to refer to the new decl.
436 18: DRE->setDecl(NewBuiltinDecl);
437 18: DRE->setType(NewBuiltinDecl->getType());
438 :
439 : // Set the callee in the CallExpr.
440 : // FIXME: This leaks the original parens and implicit casts.
441 18: Expr *PromotedCall = DRE;
442 18: UsualUnaryConversions(PromotedCall);
443 18: TheCall->setCallee(PromotedCall);
444 :
445 :
446 : // Change the result type of the call to match the result type of the decl.
447 18: TheCall->setType(NewBuiltinDecl->getResultType());
448 18: return false;
449 : }
450 :
451 :
452 : /// CheckObjCString - Checks that the argument to the builtin
453 : /// CFString constructor is correct
454 : /// FIXME: GCC currently emits the following warning:
455 : /// "warning: input conversion stopped due to an input byte that does not
456 : /// belong to the input codeset UTF-8"
457 : /// Note: It might also make sense to do the UTF-16 conversion here (would
458 : /// simplify the backend).
459 271: bool Sema::CheckObjCString(Expr *Arg) {
460 271: Arg = Arg->IgnoreParenCasts();
461 271: StringLiteral *Literal = dyn_cast<StringLiteral>(Arg);
462 :
270: branch 0 taken
1: branch 1 taken
0: branch 3 not taken
270: branch 4 taken
1: branch 5 taken
270: branch 6 taken
463 271: if (!Literal || Literal->isWide()) {
464 : Diag(Arg->getLocStart(), diag::err_cfstring_literal_not_string_constant)
465 1: << Arg->getSourceRange();
466 1: return true;
467 : }
468 :
469 270: const char *Data = Literal->getStrData();
470 270: unsigned Length = Literal->getByteLength();
471 :
2470: branch 0 taken
267: branch 1 taken
472 2737: for (unsigned i = 0; i < Length; ++i) {
3: branch 0 taken
2467: branch 1 taken
473 2470: if (!Data[i]) {
474 : Diag(getLocationOfStringLiteralByte(Literal, i),
475 : diag::warn_cfstring_literal_contains_nul_character)
476 3: << Arg->getSourceRange();
477 3: break;
478 : }
479 : }
480 :
481 270: return false;
482 : }
483 :
484 : /// SemaBuiltinVAStart - Check the arguments to __builtin_va_start for validity.
485 : /// Emit an error and return true on failure, return false on success.
486 40: bool Sema::SemaBuiltinVAStart(CallExpr *TheCall) {
487 40: Expr *Fn = TheCall->getCallee();
2: branch 1 taken
38: branch 2 taken
488 40: if (TheCall->getNumArgs() > 2) {
489 : Diag(TheCall->getArg(2)->getLocStart(),
490 : diag::err_typecheck_call_too_many_args)
491 : << 0 /*function call*/ << Fn->getSourceRange()
492 : << SourceRange(TheCall->getArg(2)->getLocStart(),
493 2: (*(TheCall->arg_end()-1))->getLocEnd());
494 2: return true;
495 : }
496 :
2: branch 1 taken
36: branch 2 taken
497 38: if (TheCall->getNumArgs() < 2) {
498 : return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args)
499 2: << 0 /*function call*/;
500 : }
501 :
502 : // Determine whether the current function is variadic or not.
503 : bool isVariadic;
1: branch 0 taken
35: branch 1 taken
504 36: if (CurBlock)
505 1: isVariadic = CurBlock->isVariadic;
33: branch 1 taken
2: branch 2 taken
506 35: else if (getCurFunctionDecl()) {
31: branch 0 taken
2: branch 1 taken
507 33: if (FunctionProtoType* FTP =
508 33: dyn_cast<FunctionProtoType>(getCurFunctionDecl()->getType()))
509 31: isVariadic = FTP->isVariadic();
510 : else
511 2: isVariadic = false;
512 : } else {
513 2: isVariadic = getCurMethodDecl()->isVariadic();
514 : }
515 :
4: branch 0 taken
32: branch 1 taken
516 36: if (!isVariadic) {
517 4: Diag(Fn->getLocStart(), diag::err_va_start_used_in_non_variadic_function);
518 4: return true;
519 : }
520 :
521 : // Verify that the second argument to the builtin is the last argument of the
522 : // current function or method.
523 32: bool SecondArgIsLastNamedArgument = false;
524 32: const Expr *Arg = TheCall->getArg(1)->IgnoreParenCasts();
525 :
30: branch 1 taken
2: branch 2 taken
526 32: if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Arg)) {
30: branch 2 taken
0: branch 3 not taken
527 30: if (const ParmVarDecl *PV = dyn_cast<ParmVarDecl>(DR->getDecl())) {
528 : // FIXME: This isn't correct for methods (results in bogus warning).
529 : // Get the last formal in the current function.
530 : const ParmVarDecl *LastArg;
1: branch 0 taken
29: branch 1 taken
531 30: if (CurBlock)
532 1: LastArg = *(CurBlock->TheDecl->param_end()-1);
27: branch 1 taken
2: branch 2 taken
533 29: else if (FunctionDecl *FD = getCurFunctionDecl())
534 27: LastArg = *(FD->param_end()-1);
535 : else
536 2: LastArg = *(getCurMethodDecl()->param_end()-1);
537 30: SecondArgIsLastNamedArgument = PV == LastArg;
538 : }
539 : }
540 :
4: branch 0 taken
28: branch 1 taken
541 32: if (!SecondArgIsLastNamedArgument)
542 : Diag(TheCall->getArg(1)->getLocStart(),
543 4: diag::warn_second_parameter_of_va_start_not_last_named_argument);
544 32: return false;
545 : }
546 :
547 : /// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isgreater and
548 : /// friends. This is declared to take (...), so we have to check everything.
549 14: bool Sema::SemaBuiltinUnorderedCompare(CallExpr *TheCall) {
1: branch 1 taken
13: branch 2 taken
550 14: if (TheCall->getNumArgs() < 2)
551 : return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args)
552 1: << 0 /*function call*/;
1: branch 1 taken
12: branch 2 taken
553 13: if (TheCall->getNumArgs() > 2)
554 : return Diag(TheCall->getArg(2)->getLocStart(),
555 : diag::err_typecheck_call_too_many_args)
556 : << 0 /*function call*/
557 : << SourceRange(TheCall->getArg(2)->getLocStart(),
558 1: (*(TheCall->arg_end()-1))->getLocEnd());
559 :
560 12: Expr *OrigArg0 = TheCall->getArg(0);
561 12: Expr *OrigArg1 = TheCall->getArg(1);
562 :
563 : // Do standard promotions between the two arguments, returning their common
564 : // type.
565 12: QualType Res = UsualArithmeticConversions(OrigArg0, OrigArg1, false);
566 :
567 : // Make sure any conversions are pushed back into the call; this is
568 : // type safe since unordered compare builtins are declared as "_Bool
569 : // foo(...)".
570 12: TheCall->setArg(0, OrigArg0);
571 12: TheCall->setArg(1, OrigArg1);
572 :
12: branch 1 taken
0: branch 2 not taken
0: branch 4 not taken
12: branch 5 taken
0: branch 6 not taken
12: branch 7 taken
573 12: if (OrigArg0->isTypeDependent() || OrigArg1->isTypeDependent())
574 0: return false;
575 :
576 : // If the common type isn't a real floating type, then the arguments were
577 : // invalid for this operation.
2: branch 2 taken
10: branch 3 taken
578 12: if (!Res->isRealFloatingType())
579 : return Diag(OrigArg0->getLocStart(),
580 : diag::err_typecheck_call_invalid_ordered_compare)
581 : << OrigArg0->getType() << OrigArg1->getType()
582 2: << SourceRange(OrigArg0->getLocStart(), OrigArg1->getLocEnd());
583 :
584 10: return false;
585 : }
586 :
587 : /// SemaBuiltinUnorderedCompare - Handle functions like __builtin_isnan and
588 : /// friends. This is declared to take (...), so we have to check everything.
589 9: bool Sema::SemaBuiltinUnaryFP(CallExpr *TheCall) {
1: branch 1 taken
8: branch 2 taken
590 9: if (TheCall->getNumArgs() < 1)
591 : return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_few_args)
592 1: << 0 /*function call*/;
1: branch 1 taken
7: branch 2 taken
593 8: if (TheCall->getNumArgs() > 1)
594 : return Diag(TheCall->getArg(1)->getLocStart(),
595 : diag::err_typecheck_call_too_many_args)
596 : << 0 /*function call*/
597 : << SourceRange(TheCall->getArg(1)->getLocStart(),
598 1: (*(TheCall->arg_end()-1))->getLocEnd());
599 :
600 7: Expr *OrigArg = TheCall->getArg(0);
601 :
0: branch 1 not taken
7: branch 2 taken
602 7: if (OrigArg->isTypeDependent())
603 0: return false;
604 :
605 : // This operation requires a floating-point number
1: branch 3 taken
6: branch 4 taken
606 7: if (!OrigArg->getType()->isRealFloatingType())
607 : return Diag(OrigArg->getLocStart(),
608 : diag::err_typecheck_call_invalid_unary_fp)
609 1: << OrigArg->getType() << OrigArg->getSourceRange();
610 :
611 6: return false;
612 : }
613 :
614 8: bool Sema::SemaBuiltinStackAddress(CallExpr *TheCall) {
615 : // The signature for these builtins is exact; the only thing we need
616 : // to check is that the argument is a constant.
617 8: SourceLocation Loc;
8: branch 2 taken
0: branch 3 not taken
8: branch 6 taken
0: branch 7 not taken
2: branch 10 taken
6: branch 11 taken
2: branch 12 taken
6: branch 13 taken
618 8: if (!TheCall->getArg(0)->isTypeDependent() &&
619 : !TheCall->getArg(0)->isValueDependent() &&
620 : !TheCall->getArg(0)->isIntegerConstantExpr(Context, &Loc))
621 2: return Diag(Loc, diag::err_stack_const_level) << TheCall->getSourceRange();
622 :
623 6: return false;
624 : }
625 :
626 : /// SemaBuiltinShuffleVector - Handle __builtin_shufflevector.
627 : // This is declared to take (...), so we have to check everything.
628 102: Action::OwningExprResult Sema::SemaBuiltinShuffleVector(CallExpr *TheCall) {
0: branch 1 not taken
102: branch 2 taken
629 102: if (TheCall->getNumArgs() < 3)
630 : return ExprError(Diag(TheCall->getLocEnd(),
631 : diag::err_typecheck_call_too_few_args)
632 0: << 0 /*function call*/ << TheCall->getSourceRange());
633 :
634 102: unsigned numElements = std::numeric_limits<unsigned>::max();
102: branch 2 taken
0: branch 3 not taken
102: branch 6 taken
0: branch 7 not taken
102: branch 8 taken
0: branch 9 not taken
635 102: if (!TheCall->getArg(0)->isTypeDependent() &&
636 : !TheCall->getArg(1)->isTypeDependent()) {
637 102: QualType FAType = TheCall->getArg(0)->getType();
638 102: QualType SAType = TheCall->getArg(1)->getType();
639 :
102: branch 2 taken
0: branch 3 not taken
0: branch 6 not taken
102: branch 7 taken
0: branch 8 not taken
102: branch 9 taken
640 102: if (!FAType->isVectorType() || !SAType->isVectorType()) {
641 : Diag(TheCall->getLocStart(), diag::err_shufflevector_non_vector)
642 : << SourceRange(TheCall->getArg(0)->getLocStart(),
643 0: TheCall->getArg(1)->getLocEnd());
644 0: return ExprError();
645 : }
646 :
0: branch 1 not taken
102: branch 2 taken
647 102: if (!Context.hasSameUnqualifiedType(FAType, SAType)) {
648 : Diag(TheCall->getLocStart(), diag::err_shufflevector_incompatible_vector)
649 : << SourceRange(TheCall->getArg(0)->getLocStart(),
650 0: TheCall->getArg(1)->getLocEnd());
651 0: return ExprError();
652 : }
653 :
654 102: numElements = FAType->getAs<VectorType>()->getNumElements();
0: branch 1 not taken
102: branch 2 taken
655 102: if (TheCall->getNumArgs() != numElements+2) {
0: branch 1 not taken
0: branch 2 not taken
656 0: if (TheCall->getNumArgs() < numElements+2)
657 : return ExprError(Diag(TheCall->getLocEnd(),
658 : diag::err_typecheck_call_too_few_args)
659 0: << 0 /*function call*/ << TheCall->getSourceRange());
660 : return ExprError(Diag(TheCall->getLocEnd(),
661 : diag::err_typecheck_call_too_many_args)
662 0: << 0 /*function call*/ << TheCall->getSourceRange());
663 : }
664 : }
665 :
458: branch 1 taken
1: branch 2 taken
461: branch 4 taken
101: branch 5 taken
666 1021: for (unsigned i = 2; i < TheCall->getNumArgs(); i++) {
461: branch 2 taken
0: branch 3 not taken
2: branch 6 taken
459: branch 7 taken
459: branch 8 taken
2: branch 9 taken
667 461: if (TheCall->getArg(i)->isTypeDependent() ||
668 : TheCall->getArg(i)->isValueDependent())
669 2: continue;
670 :
671 459: llvm::APSInt Result(32);
0: branch 2 not taken
459: branch 3 taken
672 459: if (!TheCall->getArg(i)->isIntegerConstantExpr(Result, Context))
673 : return ExprError(Diag(TheCall->getLocStart(),
674 : diag::err_shufflevector_nonconstant_argument)
675 0: << TheCall->getArg(i)->getSourceRange());
676 :
459: branch 1 taken
0: branch 2 not taken
1: branch 4 taken
458: branch 5 taken
1: branch 6 taken
458: branch 7 taken
677 459: if (Result.getActiveBits() > 64 || Result.getZExtValue() >= numElements*2)
678 : return ExprError(Diag(TheCall->getLocStart(),
679 : diag::err_shufflevector_argument_too_large)
680 1: << TheCall->getArg(i)->getSourceRange());
681 : }
682 :
683 101: llvm::SmallVector<Expr*, 32> exprs;
684 :
662: branch 1 taken
101: branch 2 taken
685 763: for (unsigned i = 0, e = TheCall->getNumArgs(); i != e; i++) {
686 662: exprs.push_back(TheCall->getArg(i));
687 662: TheCall->setArg(i, 0);
688 : }
689 :
690 : return Owned(new (Context) ShuffleVectorExpr(Context, exprs.begin(),
691 : exprs.size(), exprs[0]->getType(),
692 : TheCall->getCallee()->getLocStart(),
101: branch 8 taken
0: branch 9 not taken
693 101: TheCall->getRParenLoc()));
694 : }
695 :
696 : /// SemaBuiltinPrefetch - Handle __builtin_prefetch.
697 : // This is declared to take (const void*, ...) and can take two
698 : // optional constant int args.
699 14: bool Sema::SemaBuiltinPrefetch(CallExpr *TheCall) {
700 14: unsigned NumArgs = TheCall->getNumArgs();
701 :
1: branch 0 taken
13: branch 1 taken
702 14: if (NumArgs > 3)
703 : return Diag(TheCall->getLocEnd(), diag::err_typecheck_call_too_many_args)
704 1: << 0 /*function call*/ << TheCall->getSourceRange();
705 :
706 : // Argument 0 is checked for us and the remaining arguments must be
707 : // constant integers.
9: branch 1 taken
4: branch 2 taken
14: branch 3 taken
8: branch 4 taken
708 35: for (unsigned i = 1; i != NumArgs; ++i) {
709 14: Expr *Arg = TheCall->getArg(i);
14: branch 1 taken
0: branch 2 not taken
710 14: if (Arg->isTypeDependent())
711 0: continue;
712 :
1: branch 3 taken
13: branch 4 taken
713 14: if (!Arg->getType()->isIntegralType())
714 : return Diag(TheCall->getLocStart(), diag::err_prefetch_invalid_arg_type)
715 1: << Arg->getSourceRange();
716 :
717 13: ImpCastExprToType(Arg, Context.IntTy, CastExpr::CK_IntegralCast);
718 13: TheCall->setArg(i, Arg);
719 :
0: branch 1 not taken
13: branch 2 taken
720 13: if (Arg->isValueDependent())
721 0: continue;
722 :
723 13: llvm::APSInt Result;
1: branch 1 taken
12: branch 2 taken
724 13: if (!Arg->isIntegerConstantExpr(Result, Context))
725 : return Diag(TheCall->getLocStart(), diag::err_prefetch_invalid_arg_ice)
726 1: << SourceRange(Arg->getLocStart(), Arg->getLocEnd());
727 :
728 : // FIXME: gcc issues a warning and rewrites these to 0. These
729 : // seems especially odd for the third argument since the default
730 : // is 3.
8: branch 0 taken
4: branch 1 taken
731 12: if (i == 1) {
2: branch 1 taken
6: branch 2 taken
732 8: if (Result.getLimitedValue() > 1)
733 : return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range)
734 2: << "0" << "1" << Arg->getSourceRange();
735 : } else {
1: branch 1 taken
3: branch 2 taken
736 4: if (Result.getLimitedValue() > 3)
737 : return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range)
738 1: << "0" << "3" << Arg->getSourceRange();
739 : }
740 : }
741 :
742 8: return false;
743 : }
744 :
745 : /// SemaBuiltinEHReturnDataRegNo - Handle __builtin_eh_return_data_regno, the
746 : /// operand must be an integer constant.
747 2: bool Sema::SemaBuiltinEHReturnDataRegNo(CallExpr *TheCall) {
748 2: llvm::APSInt Result;
1: branch 2 taken
1: branch 3 taken
749 2: if (!TheCall->getArg(0)->isIntegerConstantExpr(Result, Context))
750 : return Diag(TheCall->getLocStart(), diag::err_expr_not_ice)
751 1: << TheCall->getArg(0)->getSourceRange();
752 :
753 1: return false;
754 : }
755 :
756 :
757 : /// SemaBuiltinObjectSize - Handle __builtin_object_size(void *ptr,
758 : /// int type). This simply type checks that type is one of the defined
759 : /// constants (0-3).
760 : // For compatability check 0-3, llvm only handles 0 and 2.
761 53: bool Sema::SemaBuiltinObjectSize(CallExpr *TheCall) {
762 53: Expr *Arg = TheCall->getArg(1);
0: branch 1 not taken
53: branch 2 taken
763 53: if (Arg->isTypeDependent())
764 0: return false;
765 :
766 53: QualType ArgType = Arg->getType();
767 53: const BuiltinType *BT = ArgType->getAs<BuiltinType>();
768 53: llvm::APSInt Result(32);
53: branch 0 taken
0: branch 1 not taken
0: branch 3 not taken
53: branch 4 taken
0: branch 5 not taken
53: branch 6 taken
769 53: if (!BT || BT->getKind() != BuiltinType::Int)
770 : return Diag(TheCall->getLocStart(), diag::err_object_size_invalid_argument)
771 0: << SourceRange(Arg->getLocStart(), Arg->getLocEnd());
772 :
0: branch 1 not taken
53: branch 2 taken
773 53: if (Arg->isValueDependent())
774 0: return false;
775 :
0: branch 1 not taken
53: branch 2 taken
776 53: if (!Arg->isIntegerConstantExpr(Result, Context)) {
777 : return Diag(TheCall->getLocStart(), diag::err_object_size_invalid_argument)
778 0: << SourceRange(Arg->getLocStart(), Arg->getLocEnd());
779 : }
780 :
51: branch 1 taken
2: branch 2 taken
2: branch 4 taken
49: branch 5 taken
4: branch 6 taken
49: branch 7 taken
781 53: if (Result.getSExtValue() < 0 || Result.getSExtValue() > 3) {
782 : return Diag(TheCall->getLocStart(), diag::err_argument_invalid_range)
783 4: << "0" << "3" << SourceRange(Arg->getLocStart(), Arg->getLocEnd());
784 : }
785 :
786 49: return false;
787 : }
788 :
789 : /// SemaBuiltinLongjmp - Handle __builtin_longjmp(void *env[5], int val).
790 : /// This checks that val is a constant 1.
791 0: bool Sema::SemaBuiltinLongjmp(CallExpr *TheCall) {
792 0: Expr *Arg = TheCall->getArg(1);
0: branch 1 not taken
0: branch 2 not taken
0: branch 4 not taken
0: branch 5 not taken
0: branch 6 not taken
0: branch 7 not taken
793 0: if (Arg->isTypeDependent() || Arg->isValueDependent())
794 0: return false;
795 :
796 0: llvm::APSInt Result(32);
0: branch 1 not taken
0: branch 2 not taken
0: branch 4 not taken
0: branch 5 not taken
0: branch 6 not taken
0: branch 7 not taken
797 0: if (!Arg->isIntegerConstantExpr(Result, Context) || Result != 1)
798 : return Diag(TheCall->getLocStart(), diag::err_builtin_longjmp_invalid_val)
799 0: << SourceRange(Arg->getLocStart(), Arg->getLocEnd());
800 :
801 0: return false;
802 : }
803 :
804 : // Handle i > 1 ? "x" : "y", recursivelly
805 : bool Sema::SemaCheckStringLiteral(const Expr *E, const CallExpr *TheCall,
806 : bool HasVAListArg,
807 528: unsigned format_idx, unsigned firstDataArg) {
528: branch 1 taken
0: branch 2 not taken
0: branch 4 not taken
528: branch 5 taken
0: branch 6 not taken
528: branch 7 taken
808 528: if (E->isTypeDependent() || E->isValueDependent())
809 0: return false;
810 :
6: branch 1 taken
13: branch 2 taken
2: branch 3 taken
27: branch 4 taken
3: branch 5 taken
477: branch 6 taken
0: branch 7 not taken
811 528: switch (E->getStmtClass()) {
812 : case Stmt::ConditionalOperatorClass: {
813 6: const ConditionalOperator *C = cast<ConditionalOperator>(E);
814 : return SemaCheckStringLiteral(C->getTrueExpr(), TheCall,
815 : HasVAListArg, format_idx, firstDataArg)
816 : && SemaCheckStringLiteral(C->getRHS(), TheCall,
4: branch 2 taken
2: branch 3 taken
4: branch 6 taken
0: branch 7 not taken
817 6: HasVAListArg, format_idx, firstDataArg);
818 : }
819 :
820 : case Stmt::ImplicitCastExprClass: {
821 13: const ImplicitCastExpr *Expr = cast<ImplicitCastExpr>(E);
822 : return SemaCheckStringLiteral(Expr->getSubExpr(), TheCall, HasVAListArg,
823 13: format_idx, firstDataArg);
824 : }
825 :
826 : case Stmt::ParenExprClass: {
827 2: const ParenExpr *Expr = cast<ParenExpr>(E);
828 : return SemaCheckStringLiteral(Expr->getSubExpr(), TheCall, HasVAListArg,
829 2: format_idx, firstDataArg);
830 : }
831 :
832 : case Stmt::DeclRefExprClass: {
833 27: const DeclRefExpr *DR = cast<DeclRefExpr>(E);
834 :
835 : // As an exception, do not flag errors for variables binding to
836 : // const string literals.
26: branch 2 taken
1: branch 3 taken
837 27: if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) {
838 26: bool isConstant = false;
839 26: QualType T = DR->getType();
840 :
2: branch 1 taken
24: branch 2 taken
841 26: if (const ArrayType *AT = Context.getAsArrayType(T)) {
842 2: isConstant = AT->getElementType().isConstant(Context);
24: branch 2 taken
0: branch 3 not taken
843 24: } else if (const PointerType *PT = T->getAs<PointerType>()) {
844 : isConstant = T.isConstant(Context) &&
2: branch 1 taken
22: branch 2 taken
1: branch 5 taken
1: branch 6 taken
845 24: PT->getPointeeType().isConstant(Context);
846 : }
847 :
3: branch 0 taken
23: branch 1 taken
848 26: if (isConstant) {
2: branch 1 taken
1: branch 2 taken
849 3: if (const Expr *Init = VD->getAnyInitializer())
850 : return SemaCheckStringLiteral(Init, TheCall,
851 2: HasVAListArg, format_idx, firstDataArg);
852 : }
853 :
854 : // For vprintf* functions (i.e., HasVAListArg==true), we add a
855 : // special check to see if the format string is a function parameter
856 : // of the function calling the printf function. If the function
857 : // has an attribute indicating it is a printf-like function, then we
858 : // should suppress warnings concerning non-literals being used in a call
859 : // to a vprintf function. For example:
860 : //
861 : // void
862 : // logmessage(char const *fmt __attribute__ (format (printf, 1, 2)), ...){
863 : // va_list ap;
864 : // va_start(ap, fmt);
865 : // vprintf(fmt, ap); // Do NOT emit a warning about "fmt".
866 : // ...
867 : //
868 : //
869 : // FIXME: We don't have full attribute support yet, so just check to see
870 : // if the argument is a DeclRefExpr that references a parameter. We'll
871 : // add proper support for checking the attribute later.
11: branch 0 taken
13: branch 1 taken
872 24: if (HasVAListArg)
9: branch 1 taken
2: branch 2 taken
873 11: if (isa<ParmVarDecl>(VD))
874 9: return true;
875 : }
876 :
877 16: return false;
878 : }
879 :
880 : case Stmt::CallExprClass: {
881 3: const CallExpr *CE = cast<CallExpr>(E);
3: branch 0 taken
0: branch 1 not taken
882 3: if (const ImplicitCastExpr *ICE
883 3: = dyn_cast<ImplicitCastExpr>(CE->getCallee())) {
3: branch 2 taken
0: branch 3 not taken
884 3: if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(ICE->getSubExpr())) {
3: branch 2 taken
0: branch 3 not taken
885 3: if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(DRE->getDecl())) {
3: branch 1 taken
0: branch 2 not taken
886 3: if (const FormatArgAttr *FA = FD->getAttr<FormatArgAttr>()) {
887 3: unsigned ArgIndex = FA->getFormatIdx();
888 3: const Expr *Arg = CE->getArg(ArgIndex - 1);
889 :
890 : return SemaCheckStringLiteral(Arg, TheCall, HasVAListArg,
891 3: format_idx, firstDataArg);
892 : }
893 : }
894 : }
895 : }
896 :
897 0: return false;
898 : }
899 : case Stmt::ObjCStringLiteralClass:
900 : case Stmt::StringLiteralClass: {
901 477: const StringLiteral *StrE = NULL;
902 :
37: branch 1 taken
440: branch 2 taken
903 477: if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(E))
904 37: StrE = ObjCFExpr->getString();
905 : else
906 440: StrE = cast<StringLiteral>(E);
907 :
477: branch 0 taken
0: branch 1 not taken
908 477: if (StrE) {
909 : CheckPrintfString(StrE, E, TheCall, HasVAListArg, format_idx,
910 477: firstDataArg);
911 477: return true;
912 : }
913 :
914 0: return false;
915 : }
916 :
917 : default:
918 0: return false;
919 : }
920 : }
921 :
922 : void
923 : Sema::CheckNonNullArguments(const NonNullAttr *NonNull,
924 46: const CallExpr *TheCall) {
62: branch 2 taken
46: branch 3 taken
925 108: for (NonNullAttr::iterator i = NonNull->begin(), e = NonNull->end();
926 : i != e; ++i) {
927 62: const Expr *ArgExpr = TheCall->getArg(*i);
6: branch 1 taken
56: branch 2 taken
928 62: if (ArgExpr->isNullPointerConstant(Context,
929 : Expr::NPC_ValueDependentIsNotNull))
930 : Diag(TheCall->getCallee()->getLocStart(), diag::warn_null_arg)
931 6: << ArgExpr->getSourceRange();
932 : }
933 46: }
934 :
935 : /// CheckPrintfArguments - Check calls to printf (and similar functions) for
936 : /// correct use of format strings.
937 : ///
938 : /// HasVAListArg - A predicate indicating whether the printf-like
939 : /// function is passed an explicit va_arg argument (e.g., vprintf)
940 : ///
941 : /// format_idx - The index into Args for the format string.
942 : ///
943 : /// Improper format strings to functions in the printf family can be
944 : /// the source of bizarre bugs and very serious security holes. A
945 : /// good source of information is available in the following paper
946 : /// (which includes additional references):
947 : ///
948 : /// FormatGuard: Automatic Protection From printf Format String
949 : /// Vulnerabilities, Proceedings of the 10th USENIX Security Symposium, 2001.
950 : ///
951 : /// Functionality implemented:
952 : ///
953 : /// We can statically check the following properties for string
954 : /// literal format strings for non v.*printf functions (where the
955 : /// arguments are passed directly):
956 : //
957 : /// (1) Are the number of format conversions equal to the number of
958 : /// data arguments?
959 : ///
960 : /// (2) Does each format conversion correctly match the type of the
961 : /// corresponding data argument? (TODO)
962 : ///
963 : /// Moreover, for all printf functions we can:
964 : ///
965 : /// (3) Check for a missing format string (when not caught by type checking).
966 : ///
967 : /// (4) Check for no-operation flags; e.g. using "#" with format
968 : /// conversion 'c' (TODO)
969 : ///
970 : /// (5) Check the use of '%n', a major source of security holes.
971 : ///
972 : /// (6) Check for malformed format conversions that don't specify anything.
973 : ///
974 : /// (7) Check for empty format strings. e.g: printf("");
975 : ///
976 : /// (8) Check that the format string is a wide literal.
977 : ///
978 : /// All of these checks can be done by parsing the format string.
979 : ///
980 : /// For now, we ONLY do (1), (3), (5), (6), (7), and (8).
981 : void
982 : Sema::CheckPrintfArguments(const CallExpr *TheCall, bool HasVAListArg,
983 498: unsigned format_idx, unsigned firstDataArg) {
984 498: const Expr *Fn = TheCall->getCallee();
985 :
986 : // The way the format attribute works in GCC, the implicit this argument
987 : // of member functions is counted. However, it doesn't appear in our own
988 : // lists, so decrement format_idx in that case.
1: branch 1 taken
497: branch 2 taken
989 498: if (isa<CXXMemberCallExpr>(TheCall)) {
990 : // Catch a format attribute mistakenly referring to the object argument.
0: branch 0 not taken
1: branch 1 taken
991 1: if (format_idx == 0)
992 0: return;
993 1: --format_idx;
1: branch 0 taken
0: branch 1 not taken
994 1: if(firstDataArg != 0)
995 1: --firstDataArg;
996 : }
997 :
998 : // CHECK: printf-like function is called with no format string.
0: branch 1 not taken
498: branch 2 taken
999 498: if (format_idx >= TheCall->getNumArgs()) {
1000 : Diag(TheCall->getRParenLoc(), diag::warn_printf_missing_format_string)
1001 0: << Fn->getSourceRange();
1002 0: return;
1003 : }
1004 :
1005 498: const Expr *OrigFormatExpr = TheCall->getArg(format_idx)->IgnoreParenCasts();
1006 :
1007 : // CHECK: format string is not a string literal.
1008 : //
1009 : // Dynamically generated format strings are difficult to
1010 : // automatically vet at compile time. Requiring that format strings
1011 : // are string literals: (1) permits the checking of format strings by
1012 : // the compiler and thereby (2) can practically remove the source of
1013 : // many format string exploits.
1014 :
1015 : // Format string can be either ObjC string (e.g. @"%d") or
1016 : // C string (e.g. "%d")
1017 : // ObjC string uses the same format specifiers as C string, so we can use
1018 : // the same format string checking logic for both ObjC and C strings.
482: branch 1 taken
16: branch 2 taken
1019 498: if (SemaCheckStringLiteral(OrigFormatExpr, TheCall, HasVAListArg, format_idx,
1020 : firstDataArg))
1021 482: return; // Literal format string found, check done!
1022 :
1023 : // If there are no arguments specified, warn with -Wformat-security, otherwise
1024 : // warn only with -Wformat-nonliteral.
13: branch 1 taken
3: branch 2 taken
1025 16: if (TheCall->getNumArgs() == format_idx+1)
1026 : Diag(TheCall->getArg(format_idx)->getLocStart(),
1027 : diag::warn_printf_nonliteral_noargs)
1028 13: << OrigFormatExpr->getSourceRange();
1029 : else
1030 : Diag(TheCall->getArg(format_idx)->getLocStart(),
1031 : diag::warn_printf_nonliteral)
1032 3: << OrigFormatExpr->getSourceRange();
1033 : }
1034 :
1035 : namespace {
0: branch 1 not taken
0: branch 2 not taken
0: branch 5 not taken
473: branch 6 taken
1036 473: class CheckPrintfHandler : public analyze_printf::FormatStringHandler {
1037 : Sema &S;
1038 : const StringLiteral *FExpr;
1039 : const Expr *OrigFormatExpr;
1040 : unsigned NumConversions;
1041 : const unsigned NumDataArgs;
1042 : const bool IsObjCLiteral;
1043 : const char *Beg; // Start of format string.
1044 : const bool HasVAListArg;
1045 : const CallExpr *TheCall;
1046 : unsigned FormatIdx;
1047 : public:
1048 : CheckPrintfHandler(Sema &s, const StringLiteral *fexpr,
1049 : const Expr *origFormatExpr,
1050 : unsigned numDataArgs, bool isObjCLiteral,
1051 : const char *beg, bool hasVAListArg,
1052 473: const CallExpr *theCall, unsigned formatIdx)
1053 : : S(s), FExpr(fexpr), OrigFormatExpr(origFormatExpr),
1054 : NumConversions(0), NumDataArgs(numDataArgs),
1055 : IsObjCLiteral(isObjCLiteral), Beg(beg),
1056 : HasVAListArg(hasVAListArg),
1057 473: TheCall(theCall), FormatIdx(formatIdx) {}
1058 :
1059 : void DoneProcessing();
1060 :
1061 : void HandleIncompleteFormatSpecifier(const char *startSpecifier,
1062 : unsigned specifierLen);
1063 :
1064 : void
1065 : HandleInvalidConversionSpecifier(const analyze_printf::FormatSpecifier &FS,
1066 : const char *startSpecifier,
1067 : unsigned specifierLen);
1068 :
1069 : void HandleNullChar(const char *nullCharacter);
1070 :
1071 : bool HandleFormatSpecifier(const analyze_printf::FormatSpecifier &FS,
1072 : const char *startSpecifier,
1073 : unsigned specifierLen);
1074 : private:
1075 : SourceRange getFormatStringRange();
1076 : SourceRange getFormatSpecifierRange(const char *startSpecifier,
1077 : unsigned specifierLen);
1078 : SourceLocation getLocationOfByte(const char *x);
1079 :
1080 : bool HandleAmount(const analyze_printf::OptionalAmount &Amt,
1081 : unsigned MissingArgDiag, unsigned BadTypeDiag,
1082 : const char *startSpecifier, unsigned specifierLen);
1083 :
1084 : bool MatchType(QualType A, QualType B, bool ignoreSign);
1085 :
1086 : const Expr *getDataArg(unsigned i) const;
1087 : };
1088 : }
1089 :
1090 7: SourceRange CheckPrintfHandler::getFormatStringRange() {
1091 7: return OrigFormatExpr->getSourceRange();
1092 : }
1093 :
1094 : SourceRange CheckPrintfHandler::
1095 26: getFormatSpecifierRange(const char *startSpecifier, unsigned specifierLen) {
1096 : return SourceRange(getLocationOfByte(startSpecifier),
1097 26: getLocationOfByte(startSpecifier+specifierLen-1));
1098 : }
1099 :
1100 102: SourceLocation CheckPrintfHandler::getLocationOfByte(const char *x) {
1101 102: return S.getLocationOfStringLiteralByte(FExpr, x - Beg);
1102 : }
1103 :
1104 : void CheckPrintfHandler::
1105 : HandleIncompleteFormatSpecifier(const char *startSpecifier,
1106 3: unsigned specifierLen) {
1107 3: SourceLocation Loc = getLocationOfByte(startSpecifier);
1108 : S.Diag(Loc, diag::warn_printf_incomplete_specifier)
1109 3: << getFormatSpecifierRange(startSpecifier, specifierLen);
1110 3: }
1111 :
1112 : void CheckPrintfHandler::
1113 : HandleInvalidConversionSpecifier(const analyze_printf::FormatSpecifier &FS,
1114 : const char *startSpecifier,
1115 8: unsigned specifierLen) {
1116 :
1117 8: ++NumConversions;
1118 : const analyze_printf::ConversionSpecifier &CS =
1119 8: FS.getConversionSpecifier();
1120 8: SourceLocation Loc = getLocationOfByte(CS.getStart());
1121 : S.Diag(Loc, diag::warn_printf_invalid_conversion)
1122 : << llvm::StringRef(CS.getStart(), CS.getLength())
1123 8: << getFormatSpecifierRange(startSpecifier, specifierLen);
1124 8: }
1125 :
1126 5: void CheckPrintfHandler::HandleNullChar(const char *nullCharacter) {
1127 : // The presence of a null character is likely an error.
1128 : S.Diag(getLocationOfByte(nullCharacter),
1129 : diag::warn_printf_format_string_contains_null_char)
1130 5: << getFormatStringRange();
1131 5: }
1132 :
1133 527: const Expr *CheckPrintfHandler::getDataArg(unsigned i) const {
1134 527: return TheCall->getArg(FormatIdx + i);
1135 : }
1136 :
1137 437: bool CheckPrintfHandler::MatchType(QualType A, QualType B, bool ignoreSign) {
1138 437: A = S.Context.getCanonicalType(A).getUnqualifiedType();
1139 437: B = S.Context.getCanonicalType(B).getUnqualifiedType();
1140 :
391: branch 1 taken
46: branch 2 taken
1141 437: if (A == B)
1142 391: return true;
1143 :
46: branch 0 taken
0: branch 1 not taken
1144 46: if (ignoreSign) {
34: branch 2 taken
12: branch 3 taken
1145 46: if (const BuiltinType *BT = B->getAs<BuiltinType>()) {
1: branch 1 taken
0: branch 2 not taken
0: branch 3 not taken
0: branch 4 not taken
0: branch 5 not taken
13: branch 6 taken
16: branch 7 taken
0: branch 8 not taken
0: branch 9 not taken
4: branch 10 taken
0: branch 11 not taken
1146 34: switch (BT->getKind()) {
1147 : default:
1148 1: return false;
1149 : case BuiltinType::Char_S:
1150 : case BuiltinType::SChar:
1151 0: return A == S.Context.UnsignedCharTy;
1152 : case BuiltinType::Char_U:
1153 : case BuiltinType::UChar:
1154 0: return A == S.Context.SignedCharTy;
1155 : case BuiltinType::Short:
1156 0: return A == S.Context.UnsignedShortTy;
1157 : case BuiltinType::UShort:
1158 0: return A == S.Context.ShortTy;
1159 : case BuiltinType::Int:
1160 13: return A == S.Context.UnsignedIntTy;
1161 : case BuiltinType::UInt:
1162 16: return A == S.Context.IntTy;
1163 : case BuiltinType::Long:
1164 0: return A == S.Context.UnsignedLongTy;
1165 : case BuiltinType::ULong:
1166 0: return A == S.Context.LongTy;
1167 : case BuiltinType::LongLong:
1168 4: return A == S.Context.UnsignedLongLongTy;
1169 : case BuiltinType::ULongLong:
1170 0: return A == S.Context.LongLongTy;
1171 : }
1172 : return A == B;
1173 : }
1174 : }
1175 12: return false;
1176 : }
1177 :
1178 : bool
1179 : CheckPrintfHandler::HandleAmount(const analyze_printf::OptionalAmount &Amt,
1180 : unsigned MissingArgDiag,
1181 : unsigned BadTypeDiag,
1182 : const char *startSpecifier,
1183 1084: unsigned specifierLen) {
1184 :
17: branch 1 taken
1067: branch 2 taken
1185 1084: if (Amt.hasDataArgument()) {
1186 17: ++NumConversions;
14: branch 0 taken
3: branch 1 taken
1187 17: if (!HasVAListArg) {
4: branch 0 taken
10: branch 1 taken
1188 14: if (NumConversions > NumDataArgs) {
1189 : S.Diag(getLocationOfByte(Amt.getStart()), MissingArgDiag)
1190 4: << getFormatSpecifierRange(startSpecifier, specifierLen);
1191 : // Don't do any more checking. We will just emit
1192 : // spurious errors.
1193 4: return false;
1194 : }
1195 :
1196 : // Type check the data argument. It should be an 'int'.
1197 : // Although not in conformance with C99, we also allow the argument to be
1198 : // an 'unsigned int' as that is a reasonably safe case. GCC also
1199 : // doesn't emit a warning for that case.
1200 10: const Expr *Arg = getDataArg(NumConversions);
1201 10: QualType T = Arg->getType();
4: branch 2 taken
6: branch 3 taken
1202 10: if (!MatchType(T, S.Context.IntTy, true)) {
1203 : S.Diag(getLocationOfByte(Amt.getStart()), BadTypeDiag)
1204 : << S.Context.IntTy << T
1205 : << getFormatSpecifierRange(startSpecifier, specifierLen)
1206 4: << Arg->getSourceRange();
1207 : // Don't do any more checking. We will just emit
1208 : // spurious errors.
1209 4: return false;
1210 : }
1211 : }
1212 : }
1213 1076: return true;
1214 : }
1215 :
1216 : bool
1217 : CheckPrintfHandler::HandleFormatSpecifier(const analyze_printf::FormatSpecifier &FS,
1218 : const char *startSpecifier,
1219 544: unsigned specifierLen) {
1220 :
1221 : using namespace analyze_printf;
1222 544: const ConversionSpecifier &CS = FS.getConversionSpecifier();
1223 :
1224 : // First check if the field width, precision, and conversion specifier
1225 : // have matching data arguments.
4: branch 2 taken
540: branch 3 taken
1226 544: if (!HandleAmount(FS.getFieldWidth(),
1227 : diag::warn_printf_asterisk_width_missing_arg,
1228 : diag::warn_printf_asterisk_width_wrong_type,
1229 : startSpecifier, specifierLen)) {
1230 4: return false;
1231 : }
1232 :
4: branch 2 taken
536: branch 3 taken
1233 540: if (!HandleAmount(FS.getPrecision(),
1234 : diag::warn_printf_asterisk_precision_missing_arg,
1235 : diag::warn_printf_asterisk_precision_wrong_type,
1236 : startSpecifier, specifierLen)) {
1237 4: return false;
1238 : }
1239 :
1240 : // Check for using an Objective-C specific conversion specifier
1241 : // in a non-ObjC literal.
514: branch 0 taken
22: branch 1 taken
1: branch 3 taken
513: branch 4 taken
1: branch 5 taken
535: branch 6 taken
1242 536: if (!IsObjCLiteral && CS.isObjCArg()) {
1243 1: HandleInvalidConversionSpecifier(FS, startSpecifier, specifierLen);
1244 :
1245 : // Continue checking the other format specifiers.
1246 1: return true;
1247 : }
1248 :
11: branch 1 taken
524: branch 2 taken
1249 535: if (!CS.consumesDataArgument()) {
1250 : // FIXME: Technically specifying a precision or field width here
1251 : // makes no sense. Worth issuing a warning at some point.
1252 11: return true;
1253 : }
1254 :
1255 524: ++NumConversions;
1256 :
1257 : // Are we using '%n'? Issue a warning about this being
1258 : // a possible security issue.
4: branch 1 taken
520: branch 2 taken
1259 524: if (CS.getKind() == ConversionSpecifier::OutIntPtrArg) {
1260 : S.Diag(getLocationOfByte(CS.getStart()), diag::warn_printf_write_back)
1261 4: << getFormatSpecifierRange(startSpecifier, specifierLen);
1262 : // Continue checking the other format specifiers.
1263 4: return true;
1264 : }
1265 :
1266 :
1267 : // The remaining checks depend on the data arguments.
2: branch 0 taken
518: branch 1 taken
1268 520: if (HasVAListArg)
1269 2: return true;
1270 :
3: branch 0 taken
515: branch 1 taken
1271 518: if (NumConversions > NumDataArgs) {
1272 : S.Diag(getLocationOfByte(CS.getStart()),
1273 : diag::warn_printf_insufficient_data_args)
1274 3: << getFormatSpecifierRange(startSpecifier, specifierLen);
1275 : // Don't do any more checking.
1276 3: return false;
1277 : }
1278 :
1279 : // Now type check the data expression that matches the
1280 : // format specifier.
1281 515: const Expr *Ex = getDataArg(NumConversions);
1282 515: const analyze_printf::ArgTypeResult &ATR = FS.getArgType(S.Context);
1283 :
426: branch 1 taken
89: branch 2 taken
1284 515: if (const QualType *T = ATR.getSpecificType()) {
20: branch 2 taken
406: branch 3 taken
1285 426: if (!MatchType(*T, Ex->getType(), true)) {
1286 : // Check if we didn't match because of an implicit cast from a 'char'
1287 : // or 'short' to an 'int'. This is done because printf is a varargs
1288 : // function.
1: branch 1 taken
19: branch 2 taken
1289 20: if (const ImplicitCastExpr *ICE = dyn_cast<ImplicitCastExpr>(Ex))
1: branch 3 taken
0: branch 4 not taken
1290 1: if (ICE->getType() == S.Context.IntTy)
1: branch 3 taken
0: branch 4 not taken
1291 1: if (MatchType(*T, ICE->getSubExpr()->getType(), true))
1292 1: return true;
1293 :
1294 : S.Diag(getLocationOfByte(CS.getStart()),
1295 : diag::warn_printf_conversion_argument_type_mismatch)
1296 19: << *T << Ex->getType();
1297 : // << getFormatSpecifierRange(startSpecifier, specifierLen)
1298 : // << Ex->getSourceRange();
1299 : }
1300 425: return true;
1301 : }
1302 :
1303 89: return true;
1304 : }
1305 :
1306 454: void CheckPrintfHandler::DoneProcessing() {
1307 : // Does the number of data arguments exceed the number of
1308 : // format conversions in the format string?
451: branch 0 taken
3: branch 1 taken
2: branch 2 taken
449: branch 3 taken
1309 454: if (!HasVAListArg && NumConversions < NumDataArgs)
1310 : S.Diag(getDataArg(NumConversions+1)->getLocStart(),
1311 : diag::warn_printf_too_many_data_args)
1312 2: << getFormatStringRange();
1313 454: }
1314 :
1315 : void Sema::CheckPrintfString(const StringLiteral *FExpr,
1316 : const Expr *OrigFormatExpr,
1317 : const CallExpr *TheCall, bool HasVAListArg,
1318 477: unsigned format_idx, unsigned firstDataArg) {
1319 :
1320 : // CHECK: is the format string a wide literal?
2: branch 1 taken
475: branch 2 taken
1321 477: if (FExpr->isWide()) {
1322 : Diag(FExpr->getLocStart(),
1323 : diag::warn_printf_format_string_is_wide_literal)
1324 2: << OrigFormatExpr->getSourceRange();
1325 2: return;
1326 : }
1327 :
1328 : // Str - The format string. NOTE: this is NOT null-terminated!
1329 475: const char *Str = FExpr->getStrData();
1330 :
1331 : // CHECK: empty format string?
1332 475: unsigned StrLen = FExpr->getByteLength();
1333 :
2: branch 0 taken
473: branch 1 taken
1334 475: if (StrLen == 0) {
1335 : Diag(FExpr->getLocStart(), diag::warn_printf_empty_format_string)
1336 2: << OrigFormatExpr->getSourceRange();
1337 2: return;
1338 : }
1339 :
1340 : CheckPrintfHandler H(*this, FExpr, OrigFormatExpr,
1341 : TheCall->getNumArgs() - firstDataArg,
1342 : isa<ObjCStringLiteral>(OrigFormatExpr), Str,
1343 473: HasVAListArg, TheCall, format_idx);
1344 :
454: branch 1 taken
19: branch 2 taken
1345 473: if (!analyze_printf::ParseFormatString(H, Str, Str + StrLen))
1346 454: H.DoneProcessing();
1347 : }
1348 :
1349 : //===--- CHECK: Return Address of Stack Variable --------------------------===//
1350 :
1351 : static DeclRefExpr* EvalVal(Expr *E);
1352 : static DeclRefExpr* EvalAddr(Expr* E);
1353 :
1354 : /// CheckReturnStackAddr - Check if a return statement returns the address
1355 : /// of a stack variable.
1356 : void
1357 : Sema::CheckReturnStackAddr(Expr *RetValExp, QualType lhsType,
1358 4080: SourceLocation ReturnLoc) {
1359 :
1360 : // Perform checking for returned stack addresses.
3669: branch 2 taken
411: branch 3 taken
20: branch 6 taken
3649: branch 7 taken
431: branch 8 taken
3649: branch 9 taken
1361 4080: if (lhsType->isPointerType() || lhsType->isBlockPointerType()) {
23: branch 1 taken
408: branch 2 taken
1362 431: if (DeclRefExpr *DR = EvalAddr(RetValExp))
1363 : Diag(DR->getLocStart(), diag::warn_ret_stack_addr)
1364 23: << DR->getDecl()->getDeclName() << RetValExp->getSourceRange();
1365 :
1366 : // Skip over implicit cast expressions when checking for block expressions.
1367 431: RetValExp = RetValExp->IgnoreParenCasts();
1368 :
12: branch 1 taken
419: branch 2 taken
1369 431: if (BlockExpr *C = dyn_cast<BlockExpr>(RetValExp))
6: branch 1 taken
6: branch 2 taken
1370 12: if (C->hasBlockDeclRefExprs())
1371 : Diag(C->getLocStart(), diag::err_ret_local_block)
1372 6: << C->getSourceRange();
1373 :
1: branch 1 taken
430: branch 2 taken
1374 431: if (AddrLabelExpr *ALE = dyn_cast<AddrLabelExpr>(RetValExp))
1375 : Diag(ALE->getLocStart(), diag::warn_ret_addr_label)
1376 1: << ALE->getSourceRange();
1377 :
91: branch 2 taken
3558: branch 3 taken
1378 3649: } else if (lhsType->isReferenceType()) {
1379 : // Perform checking for stack values returned by reference.
1380 : // Check for a reference to the stack
2: branch 1 taken
89: branch 2 taken
1381 91: if (DeclRefExpr *DR = EvalVal(RetValExp))
1382 : Diag(DR->getLocStart(), diag::warn_ret_stack_ref)
1383 2: << DR->getDecl()->getDeclName() << RetValExp->getSourceRange();
1384 : }
1385 4080: }
1386 :
1387 : /// EvalAddr - EvalAddr and EvalVal are mutually recursive functions that
1388 : /// check if the expression in a return statement evaluates to an address
1389 : /// to a location on the stack. The recursion is used to traverse the
1390 : /// AST of the return expression, with recursion backtracking when we
1391 : /// encounter a subexpression that (1) clearly does not lead to the address
1392 : /// of a stack variable or (2) is something we cannot determine leads to
1393 : /// the address of a stack variable based on such local checking.
1394 : ///
1395 : /// EvalAddr processes expressions that are pointers that are used as
1396 : /// references (and not L-values). EvalVal handles all other values.
1397 : /// At the base case of the recursion is a check for a DeclRefExpr* in
1398 : /// the refers to a stack variable.
1399 : ///
1400 : /// This implementation handles:
1401 : ///
1402 : /// * pointer-to-pointer casts
1403 : /// * implicit conversions from array references to pointers
1404 : /// * taking the address of fields
1405 : /// * arbitrary interplay between "&" and "*" operators
1406 : /// * pointer arithmetic from an address of a stack variable
1407 : /// * taking the address of an array element where the array is on the stack
1408 575: static DeclRefExpr* EvalAddr(Expr *E) {
1409 : // We should only be called for evaluating pointer expressions.
1410 : assert((E->getType()->isAnyPointerType() ||
1411 : E->getType()->isBlockPointerType() ||
1412 : E->getType()->isObjCQualifiedIdType()) &&
28: branch 3 taken
547: branch 4 taken
0: branch 8 not taken
28: branch 9 taken
0: branch 13 not taken
0: branch 14 not taken
1413 575: "EvalAddr only works on pointers");
1414 :
1415 : // Our "symbolic interpreter" is just a dispatch off the currently
1416 : // viewed AST node. We then recursively traverse the AST by calling
1417 : // EvalAddr and EvalVal appropriately.
12: branch 1 taken
51: branch 2 taken
19: branch 3 taken
13: branch 4 taken
204: branch 5 taken
9: branch 6 taken
267: branch 7 taken
1418 575: switch (E->getStmtClass()) {
1419 : case Stmt::ParenExprClass:
1420 : // Ignore parentheses.
1421 12: return EvalAddr(cast<ParenExpr>(E)->getSubExpr());
1422 :
1423 : case Stmt::UnaryOperatorClass: {
1424 : // The only unary operator that make sense to handle here
1425 : // is AddrOf. All others don't make sense as pointers.
1426 51: UnaryOperator *U = cast<UnaryOperator>(E);
1427 :
50: branch 1 taken
1: branch 2 taken
1428 51: if (U->getOpcode() == UnaryOperator::AddrOf)
1429 50: return EvalVal(U->getSubExpr());
1430 : else
1431 1: return NULL;
1432 : }
1433 :
1434 : case Stmt::BinaryOperatorClass: {
1435 : // Handle pointer arithmetic. All other binary operators are not valid
1436 : // in this context.
1437 19: BinaryOperator *B = cast<BinaryOperator>(E);
1438 19: BinaryOperator::Opcode op = B->getOpcode();
1439 :
4: branch 0 taken
15: branch 1 taken
0: branch 2 not taken
4: branch 3 taken
1440 19: if (op != BinaryOperator::Add && op != BinaryOperator::Sub)
1441 0: return NULL;
1442 :
1443 19: Expr *Base = B->getLHS();
1444 :
1445 : // Determine which argument is the real pointer base. It could be
1446 : // the RHS argument instead of the LHS.
3: branch 3 taken
16: branch 4 taken
1447 19: if (!Base->getType()->isPointerType()) Base = B->getRHS();
1448 :
0: branch 3 not taken
19: branch 4 taken
1449 19: assert (Base->getType()->isPointerType());
1450 19: return EvalAddr(Base);
1451 : }
1452 :
1453 : // For conditional operators we need to see if either the LHS or RHS are
1454 : // valid DeclRefExpr*s. If one of them is valid, we return it.
1455 : case Stmt::ConditionalOperatorClass: {
1456 13: ConditionalOperator *C = cast<ConditionalOperator>(E);
1457 :
1458 : // Handle the GNU extension for missing LHS.
11: branch 1 taken
2: branch 2 taken
1459 13: if (Expr *lhsExpr = C->getLHS())
1: branch 1 taken
10: branch 2 taken
1460 11: if (DeclRefExpr* LHS = EvalAddr(lhsExpr))
1461 1: return LHS;
1462 :
1463 12: return EvalAddr(C->getRHS());
1464 : }
1465 :
1466 : // For casts, we need to handle conversions from arrays to
1467 : // pointer values, and pointer-to-pointer conversions.
1468 : case Stmt::ImplicitCastExprClass:
1469 : case Stmt::CStyleCastExprClass:
1470 : case Stmt::CXXFunctionalCastExprClass: {
1471 204: Expr* SubExpr = cast<CastExpr>(E)->getSubExpr();
1472 204: QualType T = SubExpr->getType();
1473 :
157: branch 3 taken
47: branch 4 taken
151: branch 8 taken
6: branch 9 taken
0: branch 13 not taken
151: branch 14 taken
53: branch 15 taken
151: branch 16 taken
1474 204: if (SubExpr->getType()->isPointerType() ||
1475 : SubExpr->getType()->isBlockPointerType() ||
1476 : SubExpr->getType()->isObjCQualifiedIdType())
1477 53: return EvalAddr(SubExpr);
41: branch 2 taken
110: branch 3 taken
1478 151: else if (T->isArrayType())
1479 41: return EvalVal(SubExpr);
1480 : else
1481 110: return 0;
1482 : }
1483 :
1484 : // C++ casts. For dynamic casts, static casts, and const casts, we
1485 : // are always converting from a pointer-to-pointer, so we just blow
1486 : // through the cast. In the case the dynamic cast doesn't fail (and
1487 : // return NULL), we take the conservative route and report cases
1488 : // where we return the address of a stack variable. For Reinterpre
1489 : // FIXME: The comment about is wrong; we're not always converting
1490 : // from pointer to pointer. I'm guessing that this code should also
1491 : // handle references to objects.
1492 : case Stmt::CXXStaticCastExprClass:
1493 : case Stmt::CXXDynamicCastExprClass:
1494 : case Stmt::CXXConstCastExprClass:
1495 : case Stmt::CXXReinterpretCastExprClass: {
1496 9: Expr *S = cast<CXXNamedCastExpr>(E)->getSubExpr();
4: branch 3 taken
5: branch 4 taken
0: branch 8 not taken
4: branch 9 taken
5: branch 10 taken
4: branch 11 taken
1497 9: if (S->getType()->isPointerType() || S->getType()->isBlockPointerType())
1498 5: return EvalAddr(S);
1499 : else
1500 4: return NULL;
1501 : }
1502 :
1503 : // Everything else: we simply don't reason about them.
1504 : default:
1505 267: return NULL;
1506 : }
1507 : }
1508 :
1509 :
1510 : /// EvalVal - This function is complements EvalAddr in the mutual recursion.
1511 : /// See the comments for EvalAddr for more details.
1512 194: static DeclRefExpr* EvalVal(Expr *E) {
1513 :
1514 : // We should only be called for evaluating non-pointer expressions, or
1515 : // expressions with a pointer type that are not used as references but instead
1516 : // are l-values (e.g., DeclRefExpr with a pointer type).
1517 :
1518 : // Our "symbolic interpreter" is just a dispatch off the currently
1519 : // viewed AST node. We then recursively traverse the AST by calling
1520 : // EvalAddr and EvalVal appropriately.
80: branch 1 taken
3: branch 2 taken
28: branch 3 taken
4: branch 4 taken
3: branch 5 taken
10: branch 6 taken
66: branch 7 taken
1521 194: switch (E->getStmtClass()) {
1522 : case Stmt::DeclRefExprClass: {
1523 : // DeclRefExpr: the base case. When we hit a DeclRefExpr we are looking
1524 : // at code that refers to a variable's name. We check if it has local
1525 : // storage within the function, and if so, return the expression.
1526 80: DeclRefExpr *DR = cast<DeclRefExpr>(E);
1527 :
74: branch 2 taken
6: branch 3 taken
1528 80: if (VarDecl *V = dyn_cast<VarDecl>(DR->getDecl()))
28: branch 1 taken
46: branch 2 taken
25: branch 6 taken
3: branch 7 taken
25: branch 8 taken
49: branch 9 taken
1529 74: if (V->hasLocalStorage() && !V->getType()->isReferenceType()) return DR;
1530 :
1531 55: return NULL;
1532 : }
1533 :
1534 : case Stmt::ParenExprClass:
1535 : // Ignore parentheses.
1536 3: return EvalVal(cast<ParenExpr>(E)->getSubExpr());
1537 :
1538 : case Stmt::UnaryOperatorClass: {
1539 : // The only unary operator that make sense to handle here
1540 : // is Deref. All others don't resolve to a "name." This includes
1541 : // handling all sorts of rvalues passed to a unary operator.
1542 28: UnaryOperator *U = cast<UnaryOperator>(E);
1543 :
28: branch 1 taken
0: branch 2 not taken
1544 28: if (U->getOpcode() == UnaryOperator::Deref)
1545 28: return EvalAddr(U->getSubExpr());
1546 :
1547 0: return NULL;
1548 : }
1549 :
1550 : case Stmt::ArraySubscriptExprClass: {
1551 : // Array subscripts are potential references to data on the stack. We
1552 : // retrieve the DeclRefExpr* for the array variable if it indeed
1553 : // has local storage.
1554 4: return EvalAddr(cast<ArraySubscriptExpr>(E)->getBase());
1555 : }
1556 :
1557 : case Stmt::ConditionalOperatorClass: {
1558 : // For conditional operators we need to see if either the LHS or RHS are
1559 : // non-NULL DeclRefExpr's. If one is non-NULL, we return it.
1560 3: ConditionalOperator *C = cast<ConditionalOperator>(E);
1561 :
1562 : // Handle the GNU extension for missing LHS.
3: branch 1 taken
0: branch 2 not taken
1563 3: if (Expr *lhsExpr = C->getLHS())
0: branch 1 not taken
3: branch 2 taken
1564 3: if (DeclRefExpr *LHS = EvalVal(lhsExpr))
1565 0: return LHS;
1566 :
1567 3: return EvalVal(C->getRHS());
1568 : }
1569 :
1570 : // Accesses to members are potential references to data on the stack.
1571 : case Stmt::MemberExprClass: {
1572 10: MemberExpr *M = cast<MemberExpr>(E);
1573 :
1574 : // Check for indirect access. We only want direct field accesses.
3: branch 1 taken
7: branch 2 taken
1575 10: if (!M->isArrow())
1576 3: return EvalVal(M->getBase());
1577 : else
1578 7: return NULL;
1579 : }
1580 :
1581 : // Everything else: we simply don't reason about them.
1582 : default:
1583 66: return NULL;
1584 : }
1585 : }
1586 :
1587 : //===--- CHECK: Floating-Point comparisons (-Wfloat-equal) ---------------===//
1588 :
1589 : /// Check for comparisons of floating point operands using != and ==.
1590 : /// Issue a warning if these are no self-comparisons, as they are not likely
1591 : /// to do what the programmer intended.
1592 15: void Sema::CheckFloatComparison(SourceLocation loc, Expr* lex, Expr *rex) {
1593 15: bool EmitWarning = true;
1594 :
1595 15: Expr* LeftExprSansParen = lex->IgnoreParens();
1596 15: Expr* RightExprSansParen = rex->IgnoreParens();
1597 :
1598 : // Special case: check for x == x (which is OK).
1599 : // Do not emit warnings for such cases.
8: branch 1 taken
7: branch 2 taken
1600 15: if (DeclRefExpr* DRL = dyn_cast<DeclRefExpr>(LeftExprSansParen))
8: branch 1 taken
0: branch 2 not taken
1601 8: if (DeclRefExpr* DRR = dyn_cast<DeclRefExpr>(RightExprSansParen))
3: branch 2 taken
5: branch 3 taken
1602 8: if (DRL->getDecl() == DRR->getDecl())
1603 3: EmitWarning = false;
1604 :
1605 :
1606 : // Special case: check for comparisons against literals that can be exactly
1607 : // represented by APFloat. In such cases, do not emit a warning. This
1608 : // is a heuristic: often comparison against such literals are used to
1609 : // detect if a value in a variable has not changed. This clearly can
1610 : // lead to false negatives.
12: branch 0 taken
3: branch 1 taken
1611 15: if (EmitWarning) {
0: branch 1 not taken
12: branch 2 taken
1612 12: if (FloatingLiteral* FLL = dyn_cast<FloatingLiteral>(LeftExprSansParen)) {
0: branch 1 not taken
0: branch 2 not taken
1613 0: if (FLL->isExact())
1614 0: EmitWarning = false;
1615 : } else
3: branch 1 taken
9: branch 2 taken
1616 12: if (FloatingLiteral* FLR = dyn_cast<FloatingLiteral>(RightExprSansParen)){
2: branch 1 taken
1: branch 2 taken
1617 3: if (FLR->isExact())
1618 2: EmitWarning = false;
1619 : }
1620 : }
1621 :
1622 : // Check for comparisons with builtin types.
10: branch 0 taken
5: branch 1 taken
1623 15: if (EmitWarning)
0: branch 1 not taken
10: branch 2 taken
1624 10: if (CallExpr* CL = dyn_cast<CallExpr>(LeftExprSansParen))
0: branch 1 not taken
0: branch 2 not taken
1625 0: if (CL->isBuiltinCall(Context))
1626 0: EmitWarning = false;
1627 :
10: branch 0 taken
5: branch 1 taken
1628 15: if (EmitWarning)
1: branch 1 taken
9: branch 2 taken
1629 10: if (CallExpr* CR = dyn_cast<CallExpr>(RightExprSansParen))
1: branch 1 taken
0: branch 2 not taken
1630 1: if (CR->isBuiltinCall(Context))
1631 1: EmitWarning = false;
1632 :
1633 : // Emit the diagnostic.
9: branch 0 taken
6: branch 1 taken
1634 15: if (EmitWarning)
1635 : Diag(loc, diag::warn_floatingpoint_eq)
1636 9: << lex->getSourceRange() << rex->getSourceRange();
1637 15: }
1638 :
1639 : //===--- CHECK: Integer mixed-sign comparisons (-Wsign-compare) --------===//
1640 : //===--- CHECK: Lossy implicit conversions (-Wconversion) --------------===//
1641 :
1642 : namespace {
1643 :
1644 : /// Structure recording the 'active' range of an integer-valued
1645 : /// expression.
1646 : struct IntRange {
1647 : /// The number of bits active in the int.
1648 : unsigned Width;
1649 :
1650 : /// True if the int is known not to have negative values.
1651 : bool NonNegative;
1652 :
1653 : IntRange() {}
1654 9952: IntRange(unsigned Width, bool NonNegative)
1655 9952: : Width(Width), NonNegative(NonNegative)
1656 9952: {}
1657 :
1658 : // Returns the range of the bool type.
1659 191: static IntRange forBoolType() {
1660 191: return IntRange(1, true);
1661 : }
1662 :
1663 : // Returns the range of an integral type.
1664 1845: static IntRange forType(ASTContext &C, QualType T) {
1665 1845: return forCanonicalType(C, T->getCanonicalTypeInternal().getTypePtr());
1666 : }
1667 :
1668 : // Returns the range of an integeral type based on its canonical
1669 : // representation.
1670 6106: static IntRange forCanonicalType(ASTContext &C, const Type *T) {
0: branch 1 not taken
6106: branch 2 taken
1671 6106: assert(T->isCanonicalUnqualified());
1672 :
42: branch 1 taken
6064: branch 2 taken
1673 6106: if (const VectorType *VT = dyn_cast<VectorType>(T))
1674 42: T = VT->getElementType().getTypePtr();
35: branch 1 taken
6071: branch 2 taken
1675 6106: if (const ComplexType *CT = dyn_cast<ComplexType>(T))
1676 35: T = CT->getElementType().getTypePtr();
57: branch 1 taken
6049: branch 2 taken
1677 6106: if (const EnumType *ET = dyn_cast<EnumType>(T))
1678 57: T = ET->getDecl()->getIntegerType().getTypePtr();
1679 :
1680 6106: const BuiltinType *BT = cast<BuiltinType>(T);
0: branch 1 not taken
6106: branch 2 taken
1681 6106: assert(BT->isInteger());
1682 :
1683 6106: return IntRange(C.getIntWidth(QualType(T, 0)), BT->isUnsignedInteger());
1684 : }
1685 :
1686 : // Returns the supremum of two ranges: i.e. their conservative merge.
1687 79: static IntRange join(const IntRange &L, const IntRange &R) {
1688 : return IntRange(std::max(L.Width, R.Width),
42: branch 0 taken
37: branch 1 taken
38: branch 2 taken
4: branch 3 taken
1689 79: L.NonNegative && R.NonNegative);
1690 : }
1691 :
1692 : // Returns the infinum of two ranges: i.e. their aggressive merge.
1693 5: static IntRange meet(const IntRange &L, const IntRange &R) {
1694 : return IntRange(std::min(L.Width, R.Width),
0: branch 0 not taken
5: branch 1 taken
5: branch 2 taken
5: branch 3 taken
1695 5: L.NonNegative || R.NonNegative);
1696 : }
1697 : };
1698 :
1699 3487: IntRange GetValueRange(ASTContext &C, llvm::APSInt &value, unsigned MaxWidth) {
2728: branch 1 taken
759: branch 2 taken
38: branch 4 taken
2690: branch 5 taken
38: branch 6 taken
3449: branch 7 taken
1700 3487: if (value.isSigned() && value.isNegative())
1701 38: return IntRange(value.getMinSignedBits(), false);
1702 :
0: branch 1 not taken
3449: branch 2 taken
1703 3449: if (value.getBitWidth() > MaxWidth)
1704 0: value.trunc(MaxWidth);
1705 :
1706 : // isNonNegative() just checks the sign bit without considering
1707 : // signedness.
1708 3449: return IntRange(value.getActiveBits(), true);
1709 : }
1710 :
1711 : IntRange GetValueRange(ASTContext &C, APValue &result, QualType Ty,
1712 3492: unsigned MaxWidth) {
3485: branch 1 taken
7: branch 2 taken
1713 3492: if (result.isInt())
1714 3485: return GetValueRange(C, result.getInt(), MaxWidth);
1715 :
0: branch 1 not taken
7: branch 2 taken
1716 7: if (result.isVector()) {
1717 0: IntRange R = GetValueRange(C, result.getVectorElt(0), Ty, MaxWidth);
0: branch 1 not taken
0: branch 2 not taken
1718 0: for (unsigned i = 1, e = result.getVectorLength(); i != e; ++i) {
1719 0: IntRange El = GetValueRange(C, result.getVectorElt(i), Ty, MaxWidth);
1720 0: R = IntRange::join(R, El);
1721 : }
1722 0: return R;
1723 : }
1724 :
1: branch 1 taken
6: branch 2 taken
1725 7: if (result.isComplexInt()) {
1726 1: IntRange R = GetValueRange(C, result.getComplexIntReal(), MaxWidth);
1727 1: IntRange I = GetValueRange(C, result.getComplexIntImag(), MaxWidth);
1728 1: return IntRange::join(R, I);
1729 : }
1730 :
1731 : // This can happen with lossless casts to intptr_t of "based" lvalues.
1732 : // Assume it might use arbitrary bits.
1733 : // FIXME: The only reason we need to pass the type in here is to get
1734 : // the sign right on this one case. It would be nice if APValue
1735 : // preserved this.
0: branch 1 not taken
6: branch 2 taken
1736 6: assert(result.isLValue());
1737 6: return IntRange(MaxWidth, Ty->isUnsignedIntegerType());
1738 : }
1739 :
1740 : /// Pseudo-evaluate the given integer expression, estimating the
1741 : /// range of values it might take.
1742 : ///
1743 : /// \param MaxWidth - the width to which the value will be truncated
1744 5710: IntRange GetExprRange(ASTContext &C, Expr *E, unsigned MaxWidth) {
1745 5710: E = E->IgnoreParens();
1746 :
1747 : // Try a full evaluation first.
1748 5710: Expr::EvalResult result;
3492: branch 1 taken
2218: branch 2 taken
1749 5710: if (E->Evaluate(result, C))
1750 3492: return GetValueRange(C, result.Val, E->getType(), MaxWidth);
1751 :
1752 : // I think we only want to look through implicit casts here; if the
1753 : // user has an explicit widening cast, we should treat the value as
1754 : // being of the new, wider type.
128: branch 1 taken
2090: branch 2 taken
1755 2218: if (ImplicitCastExpr *CE = dyn_cast<ImplicitCastExpr>(E)) {
64: branch 1 taken
64: branch 2 taken
1756 128: if (CE->getCastKind() == CastExpr::CK_NoOp)
1757 64: return GetExprRange(C, CE->getSubExpr(), MaxWidth);
1758 :
1759 64: IntRange OutputTypeRange = IntRange::forType(C, CE->getType());
1760 :
1761 64: bool isIntegerCast = (CE->getCastKind() == CastExpr::CK_IntegralCast);
14: branch 0 taken
50: branch 1 taken
12: branch 3 taken
2: branch 4 taken
12: branch 5 taken
52: branch 6 taken
1762 64: if (!isIntegerCast && CE->getCastKind() == CastExpr::CK_Unknown)
1763 12: isIntegerCast = CE->getSubExpr()->getType()->isIntegerType();
1764 :
1765 : // Assume that non-integer casts can span the full range of the type.
4: branch 0 taken
60: branch 1 taken
1766 64: if (!isIntegerCast)
1767 4: return OutputTypeRange;
1768 :
1769 : IntRange SubRange
1770 : = GetExprRange(C, CE->getSubExpr(),
1771 60: std::min(MaxWidth, OutputTypeRange.Width));
1772 :
1773 : // Bail out if the subexpr's range is as wide as the cast type.
10: branch 0 taken
50: branch 1 taken
1774 60: if (SubRange.Width >= OutputTypeRange.Width)
1775 10: return OutputTypeRange;
1776 :
1777 : // Otherwise, we take the smaller width, and we're non-negative if
1778 : // either the output type or the subexpr is.
1779 : return IntRange(SubRange.Width,
32: branch 0 taken
18: branch 1 taken
0: branch 2 not taken
32: branch 3 taken
1780 50: SubRange.NonNegative || OutputTypeRange.NonNegative);
1781 : }
1782 :
9: branch 1 taken
2081: branch 2 taken
1783 2090: if (ConditionalOperator *CO = dyn_cast<ConditionalOperator>(E)) {
1784 : // If we can fold the condition, just take that operand.
1785 : bool CondResult;
0: branch 2 not taken
9: branch 3 taken
1786 9: if (CO->getCond()->EvaluateAsBooleanCondition(CondResult, C))
1787 : return GetExprRange(C, CondResult ? CO->getTrueExpr()
1788 : : CO->getFalseExpr(),
0: branch 0 not taken
0: branch 1 not taken
1789 0: MaxWidth);
1790 :
1791 : // Otherwise, conservatively merge.
1792 9: IntRange L = GetExprRange(C, CO->getTrueExpr(), MaxWidth);
1793 9: IntRange R = GetExprRange(C, CO->getFalseExpr(), MaxWidth);
1794 9: return IntRange::join(L, R);
1795 : }
1796 :
283: branch 1 taken
1798: branch 2 taken
1797 2081: if (BinaryOperator *BO = dyn_cast<BinaryOperator>(E)) {
190: branch 1 taken
0: branch 2 not taken
5: branch 3 taken
1: branch 4 taken
1: branch 5 taken
0: branch 6 not taken
19: branch 7 taken
67: branch 8 taken
1798 283: switch (BO->getOpcode()) {
1799 :
1800 : // Boolean-valued operations are single-bit and positive.
1801 : case BinaryOperator::LAnd:
1802 : case BinaryOperator::LOr:
1803 : case BinaryOperator::LT:
1804 : case BinaryOperator::GT:
1805 : case BinaryOperator::LE:
1806 : case BinaryOperator::GE:
1807 : case BinaryOperator::EQ:
1808 : case BinaryOperator::NE:
1809 190: return IntRange::forBoolType();
1810 :
1811 : // Operations with opaque sources are black-listed.
1812 : case BinaryOperator::PtrMemD:
1813 : case BinaryOperator::PtrMemI:
1814 0: return IntRange::forType(C, E->getType());
1815 :
1816 : // Bitwise-and uses the *infinum* of the two source ranges.
1817 : case BinaryOperator::And:
1818 : return IntRange::meet(GetExprRange(C, BO->getLHS(), MaxWidth),
1819 5: GetExprRange(C, BO->getRHS(), MaxWidth));
1820 :
1821 : // Left shift gets black-listed based on a judgement call.
1822 : case BinaryOperator::Shl:
1823 1: return IntRange::forType(C, E->getType());
1824 :
1825 : // Right shift by a constant can narrow its left argument.
1826 : case BinaryOperator::Shr: {
1827 1: IntRange L = GetExprRange(C, BO->getLHS(), MaxWidth);
1828 :
1829 : // If the shift amount is a positive constant, drop the width by
1830 : // that much.
1831 1: llvm::APSInt shift;
1: branch 2 taken
0: branch 3 not taken
1: branch 5 taken
0: branch 6 not taken
1: branch 7 taken
0: branch 8 not taken
1832 1: if (BO->getRHS()->isIntegerConstantExpr(shift, C) &&
1833 : shift.isNonNegative()) {
1834 1: unsigned zext = shift.getZExtValue();
0: branch 0 not taken
1: branch 1 taken
1835 1: if (zext >= L.Width)
0: branch 0 not taken
0: branch 1 not taken
1836 0: L.Width = (L.NonNegative ? 0 : 1);
1837 : else
1838 1: L.Width -= zext;
1839 : }
1840 :
1841 1: return L;
1842 : }
1843 :
1844 : // Comma acts as its right operand.
1845 : case BinaryOperator::Comma:
1846 0: return GetExprRange(C, BO->getRHS(), MaxWidth);
1847 :
1848 : // Black-list pointer subtractions.
1849 : case BinaryOperator::Sub:
17: branch 4 taken
2: branch 5 taken
1850 19: if (BO->getLHS()->getType()->isPointerType())
1851 17: return IntRange::forType(C, E->getType());
1852 : // fallthrough
1853 :
1854 : default:
1855 : break;
1856 : }
1857 :
1858 : // Treat every other operator as if it were closed on the
1859 : // narrowest type that encompasses both operands.
1860 69: IntRange L = GetExprRange(C, BO->getLHS(), MaxWidth);
1861 69: IntRange R = GetExprRange(C, BO->getRHS(), MaxWidth);
1862 69: return IntRange::join(L, R);
1863 : }
1864 :
57: branch 1 taken
1741: branch 2 taken
1865 1798: if (UnaryOperator *UO = dyn_cast<UnaryOperator>(E)) {
1: branch 1 taken
50: branch 2 taken
6: branch 3 taken
1866 57: switch (UO->getOpcode()) {
1867 : // Boolean-valued operations are white-listed.
1868 : case UnaryOperator::LNot:
1869 1: return IntRange::forBoolType();
1870 :
1871 : // Operations with opaque sources are black-listed.
1872 : case UnaryOperator::Deref:
1873 : case UnaryOperator::AddrOf: // should be impossible
1874 : case UnaryOperator::OffsetOf:
1875 50: return IntRange::forType(C, E->getType());
1876 :
1877 : default:
1878 6: return GetExprRange(C, UO->getSubExpr(), MaxWidth);
1879 : }
1880 : }
1881 :
1882 1741: FieldDecl *BitField = E->getBitField();
28: branch 0 taken
1713: branch 1 taken
1883 1741: if (BitField) {
1884 28: llvm::APSInt BitWidthAP = BitField->getBitWidth()->EvaluateAsInt(C);
1885 28: unsigned BitWidth = BitWidthAP.getZExtValue();
1886 :
1887 28: return IntRange(BitWidth, BitField->getType()->isUnsignedIntegerType());
1888 : }
1889 :
1890 1713: return IntRange::forType(C, E->getType());
1891 : }
1892 :
1893 : /// Checks whether the given value, which currently has the given
1894 : /// source semantics, has the same value when coerced through the
1895 : /// target semantics.
1896 : bool IsSameFloatAfterCast(const llvm::APFloat &value,
1897 : const llvm::fltSemantics &Src,
1898 136: const llvm::fltSemantics &Tgt) {
1899 136: llvm::APFloat truncated = value;
1900 :
1901 : bool ignored;
1902 136: truncated.convert(Src, llvm::APFloat::rmNearestTiesToEven, &ignored);
1903 136: truncated.convert(Tgt, llvm::APFloat::rmNearestTiesToEven, &ignored);
1904 :
1905 136: return truncated.bitwiseIsEqual(value);
1906 : }
1907 :
1908 : /// Checks whether the given value, which currently has the given
1909 : /// source semantics, has the same value when coerced through the
1910 : /// target semantics.
1911 : ///
1912 : /// The value might be a vector of floats (or a complex number).
1913 : bool IsSameFloatAfterCast(const APValue &value,
1914 : const llvm::fltSemantics &Src,
1915 132: const llvm::fltSemantics &Tgt) {
128: branch 1 taken
4: branch 2 taken
1916 132: if (value.isFloat())
1917 128: return IsSameFloatAfterCast(value.getFloat(), Src, Tgt);
1918 :
0: branch 1 not taken
4: branch 2 taken
1919 4: if (value.isVector()) {
0: branch 1 not taken
0: branch 2 not taken
1920 0: for (unsigned i = 0, e = value.getVectorLength(); i != e; ++i)
0: branch 2 not taken
0: branch 3 not taken
1921 0: if (!IsSameFloatAfterCast(value.getVectorElt(i), Src, Tgt))
1922 0: return false;
1923 0: return true;
1924 : }
1925 :
0: branch 1 not taken
4: branch 2 taken
1926 4: assert(value.isComplexFloat());
1927 : return (IsSameFloatAfterCast(value.getComplexFloatReal(), Src, Tgt) &&
4: branch 2 taken
0: branch 3 not taken
4: branch 6 taken
0: branch 7 not taken
1928 4: IsSameFloatAfterCast(value.getComplexFloatImag(), Src, Tgt));
1929 : }
1930 :
1931 : } // end anonymous namespace
1932 :
1933 : /// \brief Implements -Wsign-compare.
1934 : ///
1935 : /// \param lex the left-hand expression
1936 : /// \param rex the right-hand expression
1937 : /// \param OpLoc the location of the joining operator
1938 : /// \param Equality whether this is an "equality-like" join, which
1939 : /// suppresses the warning in some cases
1940 : void Sema::CheckSignCompare(Expr *lex, Expr *rex, SourceLocation OpLoc,
1941 3013: const PartialDiagnostic &PD, bool Equality) {
1942 : // Don't warn if we're in an unevaluated context.
494: branch 1 taken
2519: branch 2 taken
1943 3013: if (ExprEvalContexts.back().Context == Unevaluated)
1944 494: return;
1945 :
1946 : // If either expression is value-dependent, don't warn. We'll get another
1947 : // chance at instantiation time.
2514: branch 1 taken
5: branch 2 taken
3: branch 4 taken
2511: branch 5 taken
8: branch 6 taken
2511: branch 7 taken
1948 2519: if (lex->isValueDependent() || rex->isValueDependent())
1949 8: return;
1950 :
1951 2511: QualType lt = lex->getType(), rt = rex->getType();
1952 :
1953 : // Only warn if both operands are integral.
1784: branch 2 taken
727: branch 3 taken
58: branch 6 taken
1726: branch 7 taken
785: branch 8 taken
1726: branch 9 taken
1954 2511: if (!lt->isIntegerType() || !rt->isIntegerType())
1955 785: return;
1956 :
1957 : // In C, the width of a bitfield determines its type, and the
1958 : // declared type only contributes the signedness. This duplicates
1959 : // the work that will later be done by UsualUnaryConversions.
1960 : // Eventually, this check will be reorganized in a way that avoids
1961 : // this duplication.
1373: branch 1 taken
353: branch 2 taken
1962 1726: if (!getLangOptions().CPlusPlus) {
1963 1373: QualType tmp;
1964 1373: tmp = Context.isPromotableBitField(lex);
9: branch 1 taken
1364: branch 2 taken
1965 1373: if (!tmp.isNull()) lt = tmp;
1966 1373: tmp = Context.isPromotableBitField(rex);
0: branch 1 not taken
1373: branch 2 taken
1967 1373: if (!tmp.isNull()) rt = tmp;
1968 : }
1969 :
1970 : // The rule is that the signed operand becomes unsigned, so isolate the
1971 : // signed operand.
1972 1726: Expr *signedOperand = lex, *unsignedOperand = rex;
1973 1726: QualType signedType = lt, unsignedType = rt;
1215: branch 2 taken
511: branch 3 taken
1974 1726: if (lt->isSignedIntegerType()) {
300: branch 2 taken
915: branch 3 taken
1975 1215: if (rt->isSignedIntegerType()) return;
1976 : } else {
352: branch 2 taken
159: branch 3 taken
1977 511: if (!rt->isSignedIntegerType()) return;
1978 352: std::swap(signedOperand, unsignedOperand);
1979 352: std::swap(signedType, unsignedType);
1980 : }
1981 :
1982 652: unsigned unsignedWidth = Context.getIntWidth(unsignedType);
1983 652: unsigned signedWidth = Context.getIntWidth(signedType);
1984 :
1985 : // If the unsigned type is strictly smaller than the signed type,
1986 : // then (1) the result type will be signed and (2) the unsigned
1987 : // value will fit fully within the signed type, and thus the result
1988 : // of the comparison will be exact.
76: branch 0 taken
576: branch 1 taken
1989 652: if (signedWidth > unsignedWidth)
1990 76: return;
1991 :
1992 : // Otherwise, calculate the effective ranges.
1993 576: IntRange signedRange = GetExprRange(Context, signedOperand, signedWidth);
1994 576: IntRange unsignedRange = GetExprRange(Context, unsignedOperand, unsignedWidth);
1995 :
1996 : // We should never be unable to prove that the unsigned operand is
1997 : // non-negative.
0: branch 0 not taken
576: branch 1 taken
1998 576: assert(unsignedRange.NonNegative && "unsigned range includes negative?");
1999 :
2000 : // If the signed operand is non-negative, then the signed->unsigned
2001 : // conversion won't change it.
459: branch 0 taken
117: branch 1 taken
2002 576: if (signedRange.NonNegative)
2003 459: return;
2004 :
2005 : // For (in)equality comparisons, if the unsigned operand is a
2006 : // constant which cannot collide with a overflowed signed operand,
2007 : // then reinterpreting the signed operand as unsigned will not
2008 : // change the result of the comparison.
51: branch 0 taken
66: branch 1 taken
31: branch 2 taken
20: branch 3 taken
2009 117: if (Equality && unsignedRange.Width < unsignedWidth)
2010 31: return;
2011 :
2012 : Diag(OpLoc, PD)
2013 86: << lt << rt << lex->getSourceRange() << rex->getSourceRange();
2014 : }
2015 :
2016 : /// Diagnose an implicit cast; purely a helper for CheckImplicitConversion.
2017 472: static void DiagnoseImpCast(Sema &S, Expr *E, QualType T, unsigned diag) {
2018 472: S.Diag(E->getExprLoc(), diag) << E->getType() << T << E->getSourceRange();
2019 472: }
2020 :
2021 : /// Implements -Wconversion.
2022 20221: void Sema::CheckImplicitConversion(Expr *E, QualType T) {
2023 : // Don't diagnose in unevaluated contexts.
1548: branch 1 taken
18673: branch 2 taken
2024 20221: if (ExprEvalContexts.back().Context == Sema::Unevaluated)
2025 1548: return;
2026 :
2027 : // Don't diagnose for value-dependent expressions.
22: branch 1 taken
18651: branch 2 taken
2028 18673: if (E->isValueDependent())
2029 22: return;
2030 :
2031 18651: const Type *Source = Context.getCanonicalType(E->getType()).getTypePtr();
2032 18651: const Type *Target = Context.getCanonicalType(T).getTypePtr();
2033 :
2034 : // Never diagnose implicit casts to bool.
335: branch 1 taken
18316: branch 2 taken
2035 18651: if (Target->isSpecificBuiltinType(BuiltinType::Bool))
2036 335: return;
2037 :
2038 : // Strip vector types.
39: branch 1 taken
18277: branch 2 taken
2039 18316: if (isa<VectorType>(Source)) {
0: branch 1 not taken
39: branch 2 taken
2040 39: if (!isa<VectorType>(Target))
2041 0: return DiagnoseImpCast(*this, E, T, diag::warn_impcast_vector_scalar);
2042 :
2043 39: Source = cast<VectorType>(Source)->getElementType().getTypePtr();
2044 39: Target = cast<VectorType>(Target)->getElementType().getTypePtr();
2045 : }
2046 :
2047 : // Strip complex types.
137: branch 1 taken
18179: branch 2 taken
2048 18316: if (isa<ComplexType>(Source)) {
55: branch 1 taken
82: branch 2 taken
2049 137: if (!isa<ComplexType>(Target))
2050 55: return DiagnoseImpCast(*this, E, T, diag::warn_impcast_complex_scalar);
2051 :
2052 82: Source = cast<ComplexType>(Source)->getElementType().getTypePtr();
2053 82: Target = cast<ComplexType>(Target)->getElementType().getTypePtr();
2054 : }
2055 :
2056 18261: const BuiltinType *SourceBT = dyn_cast<BuiltinType>(Source);
2057 18261: const BuiltinType *TargetBT = dyn_cast<BuiltinType>(Target);
2058 :
2059 : // If the source is floating point...
6423: branch 0 taken
11838: branch 1 taken
567: branch 3 taken
5856: branch 4 taken
567: branch 5 taken
17694: branch 6 taken
2060 18261: if (SourceBT && SourceBT->isFloatingPoint()) {
2061 : // ...and the target is floating point...
505: branch 0 taken
62: branch 1 taken
403: branch 3 taken
102: branch 4 taken
403: branch 5 taken
164: branch 6 taken
2062 567: if (TargetBT && TargetBT->isFloatingPoint()) {
2063 : // ...then warn if we're dropping FP rank.
2064 :
2065 : // Builtin FP kinds are ordered by increasing FP rank.
172: branch 2 taken
231: branch 3 taken
2066 403: if (SourceBT->getKind() > TargetBT->getKind()) {
2067 : // Don't warn about float constants that are precisely
2068 : // representable in the target type.
2069 172: Expr::EvalResult result;
132: branch 1 taken
40: branch 2 taken
2070 172: if (E->Evaluate(result, Context)) {
2071 : // Value might be a float, a float vector, or a float complex.
100: branch 5 taken
32: branch 6 taken
2072 132: if (IsSameFloatAfterCast(result.Val,
2073 : Context.getFloatTypeSemantics(QualType(TargetBT, 0)),
2074 : Context.getFloatTypeSemantics(QualType(SourceBT, 0))))
2075 100: return;
2076 : }
2077 :
72: branch 2 taken
100: branch 3 taken
2078 72: DiagnoseImpCast(*this, E, T, diag::warn_impcast_float_precision);
2079 : }
2080 303: return;
2081 : }
2082 :
2083 : // If the target is integral, always warn.
102: branch 0 taken
62: branch 1 taken
102: branch 3 taken
0: branch 4 not taken
102: branch 5 taken
62: branch 6 taken
2084 164: if ((TargetBT && TargetBT->isInteger()))
2085 : // TODO: don't warn for integer values?
2086 102: return DiagnoseImpCast(*this, E, T, diag::warn_impcast_float_integer);
2087 :
2088 62: return;
2089 : }
2090 :
6023: branch 1 taken
11671: branch 2 taken
1762: branch 4 taken
4261: branch 5 taken
13433: branch 6 taken
4261: branch 7 taken
2091 17694: if (!Source->isIntegerType() || !Target->isIntegerType())
2092 13433: return;
2093 :
2094 4261: IntRange SourceRange = GetExprRange(Context, E, Context.getIntWidth(E->getType()));
2095 4261: IntRange TargetRange = IntRange::forCanonicalType(Context, Target);
2096 :
2097 : // FIXME: also signed<->unsigned?
2098 :
243: branch 0 taken
4018: branch 1 taken
2099 4261: if (SourceRange.Width > TargetRange.Width) {
2100 : // People want to build with -Wshorten-64-to-32 and not -Wconversion
2101 : // and by god we'll let them.
135: branch 0 taken
108: branch 1 taken
57: branch 2 taken
78: branch 3 taken
2102 243: if (SourceRange.Width == 64 && TargetRange.Width == 32)
2103 57: return DiagnoseImpCast(*this, E, T, diag::warn_impcast_integer_64_32);
2104 186: return DiagnoseImpCast(*this, E, T, diag::warn_impcast_integer_precision);
2105 : }
2106 :
2107 4018: return;
2108 : }
2109 :
2110 : // MarkLive - Mark all the blocks reachable from e as live. Returns the total
2111 : // number of blocks just marked live.
2112 3506: static unsigned MarkLive(CFGBlock *e, llvm::BitVector &live) {
2113 3506: unsigned count = 0;
2114 3506: std::queue<CFGBlock*> workq;
2115 : // Prep work queue
2116 3506: live.set(e->getBlockID());
2117 3506: ++count;
2118 3506: workq.push(e);
2119 : // Solve
12322: branch 1 taken
3506: branch 2 taken
2120 19334: while (!workq.empty()) {
2121 12322: CFGBlock *item = workq.front();
2122 12322: workq.pop();
9837: branch 1 taken
12322: branch 2 taken
2123 34481: for (CFGBlock::succ_iterator I=item->succ_begin(),
2124 12322: E=item->succ_end();
2125 : I != E;
2126 : ++I) {
9722: branch 0 taken
115: branch 1 taken
8816: branch 5 taken
906: branch 6 taken
9722: branch 7 taken
115: branch 8 taken
8816: branch 10 taken
1021: branch 11 taken
2127 9837: if ((*I) && !live[(*I)->getBlockID()]) {
2128 8816: live.set((*I)->getBlockID());
2129 8816: ++count;
2130 8816: workq.push(*I);
2131 : }
2132 : }
2133 : }
2134 3506: return count;
2135 : }
2136 :
2137 : static SourceLocation GetUnreachableLoc(CFGBlock &b, SourceRange &R1,
2138 35: SourceRange &R2) {
2139 : Stmt *S;
2140 35: unsigned sn = 0;
2141 35: R1 = R2 = SourceRange();
2142 :
2143 36: top:
27: branch 1 taken
9: branch 2 taken
2144 36: if (sn < b.size())
2145 27: S = b[sn].getStmt();
9: branch 1 taken
0: branch 2 not taken
2146 9: else if (b.getTerminator())
2147 9: S = b.getTerminator();
2148 : else
2149 0: return SourceLocation();
2150 :
7: branch 1 taken
3: branch 2 taken
1: branch 3 taken
2: branch 4 taken
2: branch 5 taken
1: branch 6 taken
1: branch 7 taken
2: branch 8 taken
1: branch 9 taken
0: branch 10 not taken
16: branch 11 taken
2151 36: switch (S->getStmtClass()) {
2152 : case Expr::BinaryOperatorClass: {
2153 7: BinaryOperator *BO = cast<BinaryOperator>(S);
5: branch 1 taken
2: branch 2 taken
2154 7: if (BO->getOpcode() == BinaryOperator::Comma) {
1: branch 1 taken
4: branch 2 taken
2155 5: if (sn+1 < b.size())
2156 1: return b[sn+1].getStmt()->getLocStart();
2157 4: CFGBlock *n = &b;
2158 0: while (1) {
1: branch 1 taken
3: branch 2 taken
2159 4: if (n->getTerminator())
2160 1: return n->getTerminator()->getLocStart();
0: branch 1 not taken
3: branch 2 taken
2161 3: if (n->succ_size() != 1)
2162 0: return SourceLocation();
2163 3: n = n[0].succ_begin()[0];
2: branch 1 taken
1: branch 2 taken
2164 3: if (n->pred_size() != 1)
2165 2: return SourceLocation();
1: branch 1 taken
0: branch 2 not taken
2166 1: if (!n->empty())
2167 1: return n[0][0].getStmt()->getLocStart();
2168 : }
2169 : }
2170 2: R1 = BO->getLHS()->getSourceRange();
2171 2: R2 = BO->getRHS()->getSourceRange();
2172 2: return BO->getOperatorLoc();
2173 : }
2174 : case Expr::UnaryOperatorClass: {
2175 3: const UnaryOperator *UO = cast<UnaryOperator>(S);
2176 3: R1 = UO->getSubExpr()->getSourceRange();
2177 3: return UO->getOperatorLoc();
2178 : }
2179 : case Expr::CompoundAssignOperatorClass: {
2180 1: const CompoundAssignOperator *CAO = cast<CompoundAssignOperator>(S);
2181 1: R1 = CAO->getLHS()->getSourceRange();
2182 1: R2 = CAO->getRHS()->getSourceRange();
2183 1: return CAO->getOperatorLoc();
2184 : }
2185 : case Expr::ConditionalOperatorClass: {
2186 2: const ConditionalOperator *CO = cast<ConditionalOperator>(S);
2187 2: return CO->getQuestionLoc();
2188 : }
2189 : case Expr::MemberExprClass: {
2190 2: const MemberExpr *ME = cast<MemberExpr>(S);
2191 2: R1 = ME->getSourceRange();
2192 2: return ME->getMemberLoc();
2193 : }
2194 : case Expr::ArraySubscriptExprClass: {
2195 1: const ArraySubscriptExpr *ASE = cast<ArraySubscriptExpr>(S);
2196 1: R1 = ASE->getLHS()->getSourceRange();
2197 1: R2 = ASE->getRHS()->getSourceRange();
2198 1: return ASE->getRBracketLoc();
2199 : }
2200 : case Expr::CStyleCastExprClass: {
2201 1: const CStyleCastExpr *CSC = cast<CStyleCastExpr>(S);
2202 1: R1 = CSC->getSubExpr()->getSourceRange();
2203 1: return CSC->getLParenLoc();
2204 : }
2205 : case Expr::CXXFunctionalCastExprClass: {
2206 2: const CXXFunctionalCastExpr *CE = cast <CXXFunctionalCastExpr>(S);
2207 2: R1 = CE->getSubExpr()->getSourceRange();
2208 2: return CE->getTypeBeginLoc();
2209 : }
2210 : case Expr::ImplicitCastExprClass:
2211 1: ++sn;
2212 1: goto top;
2213 : case Stmt::CXXTryStmtClass: {
2214 0: return cast<CXXTryStmt>(S)->getHandler(0)->getCatchLoc();
2215 : }
2216 : default: ;
2217 : }
2218 16: R1 = S->getSourceRange();
2219 16: return S->getLocStart();
2220 : }
2221 :
2222 : static SourceLocation MarkLiveTop(CFGBlock *e, llvm::BitVector &live,
2223 2: SourceManager &SM) {
2224 2: std::queue<CFGBlock*> workq;
2225 : // Prep work queue
2226 2: workq.push(e);
2227 2: SourceRange R1, R2;
2228 2: SourceLocation top = GetUnreachableLoc(*e, R1, R2);
2229 2: bool FromMainFile = false;
2230 2: bool FromSystemHeader = false;
2231 2: bool TopValid = false;
2: branch 1 taken
0: branch 2 not taken
2232 2: if (top.isValid()) {
2233 2: FromMainFile = SM.isFromMainFile(top);
2234 2: FromSystemHeader = SM.isInSystemHeader(top);
2235 2: TopValid = true;
2236 : }
2237 : // Solve
4: branch 1 taken
2: branch 2 taken
2238 8: while (!workq.empty()) {
2239 4: CFGBlock *item = workq.front();
2240 4: workq.pop();
2241 4: SourceLocation c = GetUnreachableLoc(*item, R1, R2);
4: branch 1 taken
0: branch 2 not taken
4: branch 3 taken
0: branch 4 not taken
4: branch 6 taken
0: branch 7 not taken
4: branch 8 taken
0: branch 9 not taken
0: branch 10 not taken
4: branch 11 taken
0: branch 13 not taken
0: branch 14 not taken
2: branch 16 taken
2: branch 17 taken
2: branch 18 taken
2: branch 19 taken
2242 4: if (c.isValid()
2243 : && (!TopValid
2244 : || (SM.isFromMainFile(c) && !FromMainFile)
2245 : || (FromSystemHeader && !SM.isInSystemHeader(c))
2246 : || SM.isBeforeInTranslationUnit(c, top))) {
2247 2: top = c;
2248 2: FromMainFile = SM.isFromMainFile(top);
2249 2: FromSystemHeader = SM.isInSystemHeader(top);
2250 : }
2251 4: live.set(item->getBlockID());
4: branch 1 taken
4: branch 2 taken
2252 12: for (CFGBlock::succ_iterator I=item->succ_begin(),
2253 4: E=item->succ_end();
2254 : I != E;
2255 : ++I) {
4: branch 0 taken
0: branch 1 not taken
2: branch 5 taken
2: branch 6 taken
4: branch 7 taken
0: branch 8 not taken
2: branch 10 taken
2: branch 11 taken
2256 4: if ((*I) && !live[(*I)->getBlockID()]) {
2257 2: live.set((*I)->getBlockID());
2258 2: workq.push(*I);
2259 : }
2260 : }
2261 : }
2262 2: return top;
2263 : }
2264 :
2265 36: static int LineCmp(const void *p1, const void *p2) {
2266 36: SourceLocation *Line1 = (SourceLocation *)p1;
2267 36: SourceLocation *Line2 = (SourceLocation *)p2;
2268 36: return !(*Line1 < *Line2);
2269 : }
2270 :
2271 : namespace {
2272 29: struct ErrLoc {
2273 : SourceLocation Loc;
2274 : SourceRange R1;
2275 : SourceRange R2;
2276 29: ErrLoc(SourceLocation l, SourceRange r1, SourceRange r2)
2277 29: : Loc(l), R1(r1), R2(r2) { }
2278 : };
2279 : }
2280 :
2281 : /// CheckUnreachable - Check for unreachable code.
2282 9857: void Sema::CheckUnreachable(AnalysisContext &AC) {
2283 : unsigned count;
2284 : // We avoid checking when there are errors, as the CFG won't faithfully match
2285 : // the user's code.
1903: branch 2 taken
7954: branch 3 taken
2286 9857: if (getDiagnostics().hasErrorOccurred())
2287 1903: return;
7939: branch 1 taken
15: branch 2 taken
2288 7954: if (Diags.getDiagnosticLevel(diag::warn_unreachable) == Diagnostic::Ignored)
2289 7939: return;
2290 :
2291 15: CFG *cfg = AC.getCFG();
0: branch 0 not taken
15: branch 1 taken
2292 15: if (cfg == 0)
2293 0: return;
2294 :
2295 15: llvm::BitVector live(cfg->getNumBlockIDs());
2296 : // Mark all live things first.
2297 15: count = MarkLive(&cfg->getEntry(), live);
2298 :
3: branch 1 taken
12: branch 2 taken
2299 15: if (count == cfg->getNumBlockIDs())
2300 : // If there are no dead blocks, we're done.
2301 3: return;
2302 :
2303 12: SourceRange R1, R2;
2304 :
2305 12: llvm::SmallVector<ErrLoc, 24> lines;
2306 12: bool AddEHEdges = AC.getAddEHEdges();
2307 : // First, give warnings for blocks with no predecessors, as they
2308 : // can't be part of a loop.
123: branch 2 taken
12: branch 3 taken
2309 135: for (CFG::iterator I = cfg->begin(), E = cfg->end(); I != E; ++I) {
2310 123: CFGBlock &b = **I;
50: branch 4 taken
73: branch 5 taken
2311 123: if (!live[b.getBlockID()]) {
33: branch 2 taken
17: branch 3 taken
2312 50: if (b.pred_begin() == b.pred_end()) {
33: branch 0 taken
0: branch 1 not taken
9: branch 3 taken
24: branch 4 taken
4: branch 7 taken
5: branch 8 taken
4: branch 9 taken
29: branch 10 taken
2313 33: if (!AddEHEdges && b.getTerminator()
2314 : && isa<CXXTryStmt>(b.getTerminator())) {
2315 : // When not adding EH edges from calls, catch clauses
2316 : // can otherwise seem dead. Avoid noting them as dead.
2317 4: count += MarkLive(&b, live);
2318 4: continue;
2319 : }
2320 29: SourceLocation c = GetUnreachableLoc(b, R1, R2);
2: branch 1 taken
27: branch 2 taken
2321 29: if (!c.isValid()) {
2322 : // Blocks without a location can't produce a warning, so don't mark
2323 : // reachable blocks from here as live.
2324 2: live.set(b.getBlockID());
2325 2: ++count;
2326 2: continue;
2327 : }
2328 27: lines.push_back(ErrLoc(c, R1, R2));
2329 : // Avoid excessive errors by marking everything reachable from here
2330 27: count += MarkLive(&b, live);
2331 : }
2332 : }
2333 : }
2334 :
2: branch 1 taken
10: branch 2 taken
2335 12: if (count < cfg->getNumBlockIDs()) {
2336 : // And then give warnings for the tops of loops.
51: branch 2 taken
2: branch 3 taken
2337 53: for (CFG::iterator I = cfg->begin(), E = cfg->end(); I != E; ++I) {
2338 51: CFGBlock &b = **I;
2: branch 4 taken
49: branch 5 taken
2339 51: if (!live[b.getBlockID()])
2340 : // Avoid excessive errors by marking everything reachable from here
2341 : lines.push_back(ErrLoc(MarkLiveTop(&b, live,
2342 : Context.getSourceManager()),
2343 2: SourceRange(), SourceRange()));
2344 : }
2345 : }
2346 :
2347 12: llvm::array_pod_sort(lines.begin(), lines.end(), LineCmp);
29: branch 1 taken
12: branch 2 taken
2348 53: for (llvm::SmallVector<ErrLoc, 24>::iterator I = lines.begin(),
2349 12: E = lines.end();
2350 : I != E;
2351 : ++I)
29: branch 1 taken
0: branch 2 not taken
2352 29: if (I->Loc.isValid())
12: branch 6 taken
3: branch 7 taken
2353 41: Diag(I->Loc, diag::warn_unreachable) << I->R1 << I->R2;
2354 : }
2355 :
2356 : /// CheckFallThrough - Check that we don't fall off the end of a
2357 : /// Statement that should return a value.
2358 : ///
2359 : /// \returns AlwaysFallThrough iff we always fall off the end of the statement,
2360 : /// MaybeFallThrough iff we might or might not fall off the end,
2361 : /// NeverFallThroughOrReturn iff we never fall off the end of the statement or
2362 : /// return. We assume NeverFallThrough iff we never fall off the end of the
2363 : /// statement but we may return. We assume that functions not marked noreturn
2364 : /// will return.
2365 3467: Sema::ControlFlowKind Sema::CheckFallThrough(AnalysisContext &AC) {
2366 3467: CFG *cfg = AC.getCFG();
8: branch 0 taken
3459: branch 1 taken
2367 3467: if (cfg == 0)
2368 : // FIXME: This should be NeverFallThrough
2369 8: return NeverFallThroughOrReturn;
2370 :
2371 : // The CFG leaves in dead things, and we don't want the dead code paths to
2372 : // confuse us, so we mark all live things first.
2373 3459: std::queue<CFGBlock*> workq;
2374 3459: llvm::BitVector live(cfg->getNumBlockIDs());
2375 3459: unsigned count = MarkLive(&cfg->getEntry(), live);
2376 :
2377 3459: bool AddEHEdges = AC.getAddEHEdges();
3459: branch 0 taken
0: branch 1 not taken
118: branch 3 taken
3341: branch 4 taken
118: branch 5 taken
3341: branch 6 taken
2378 3459: if (!AddEHEdges && count != cfg->getNumBlockIDs())
2379 : // When there are things remaining dead, and we didn't add EH edges
2380 : // from CallExprs to the catch clauses, we have to go back and
2381 : // mark them as live.
738: branch 2 taken
118: branch 3 taken
2382 856: for (CFG::iterator I = cfg->begin(), E = cfg->end(); I != E; ++I) {
2383 738: CFGBlock &b = **I;
214: branch 4 taken
524: branch 5 taken
2384 738: if (!live[b.getBlockID()]) {
175: branch 2 taken
39: branch 3 taken
2385 214: if (b.pred_begin() == b.pred_end()) {
9: branch 1 taken
166: branch 2 taken
1: branch 5 taken
8: branch 6 taken
1: branch 7 taken
174: branch 8 taken
2386 175: if (b.getTerminator() && isa<CXXTryStmt>(b.getTerminator()))
2387 : // When not adding EH edges from calls, catch clauses
2388 : // can otherwise seem dead. Avoid noting them as dead.
2389 1: count += MarkLive(&b, live);
2390 175: continue;
2391 : }
2392 : }
2393 : }
2394 :
2395 : // Now we know what is live, we check the live precessors of the exit block
2396 : // and look for fall through paths, being careful to ignore normal returns,
2397 : // and exceptional paths.
2398 3459: bool HasLiveReturn = false;
2399 3459: bool HasFakeEdge = false;
2400 3459: bool HasPlainEdge = false;
2401 3459: bool HasAbnormalEdge = false;
3782: branch 2 taken
3459: branch 3 taken
2402 10700: for (CFGBlock::pred_iterator I=cfg->getExit().pred_begin(),
2403 3459: E = cfg->getExit().pred_end();
2404 : I != E;
2405 : ++I) {
2406 3782: CFGBlock& B = **I;
84: branch 4 taken
3698: branch 5 taken
2407 3782: if (!live[B.getBlockID()])
2408 84: continue;
27: branch 1 taken
3671: branch 2 taken
2409 3698: if (B.size() == 0) {
1: branch 1 taken
26: branch 2 taken
1: branch 5 taken
0: branch 6 not taken
1: branch 7 taken
26: branch 8 taken
2410 27: if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) {
2411 1: HasAbnormalEdge = true;
2412 1: continue;
2413 : }
2414 :
2415 : // A labeled empty statement, or the entry block...
2416 26: HasPlainEdge = true;
2417 26: continue;
2418 : }
2419 3671: Stmt *S = B[B.size()-1];
3577: branch 1 taken
94: branch 2 taken
2420 3671: if (isa<ReturnStmt>(S)) {
2421 3577: HasLiveReturn = true;
2422 3577: continue;
2423 : }
2: branch 1 taken
92: branch 2 taken
2424 94: if (isa<ObjCAtThrowStmt>(S)) {
2425 2: HasFakeEdge = true;
2426 2: continue;
2427 : }
3: branch 1 taken
89: branch 2 taken
2428 92: if (isa<CXXThrowExpr>(S)) {
2429 3: HasFakeEdge = true;
2430 3: continue;
2431 : }
1: branch 1 taken
88: branch 2 taken
2432 89: if (const AsmStmt *AS = dyn_cast<AsmStmt>(S)) {
1: branch 1 taken
0: branch 2 not taken
2433 1: if (AS->isMSAsm()) {
2434 1: HasFakeEdge = true;
2435 1: HasLiveReturn = true;
2436 1: continue;
2437 : }
2438 : }
0: branch 1 not taken
88: branch 2 taken
2439 88: if (isa<CXXTryStmt>(S)) {
2440 0: HasAbnormalEdge = true;
2441 0: continue;
2442 : }
2443 :
2444 88: bool NoReturnEdge = false;
47: branch 1 taken
41: branch 2 taken
2445 88: if (CallExpr *C = dyn_cast<CallExpr>(S)) {
0: branch 2 not taken
47: branch 3 taken
2446 47: if (B.succ_begin()[0] != &cfg->getExit()) {
2447 0: HasAbnormalEdge = true;
2448 0: continue;
2449 : }
2450 47: Expr *CEE = C->getCallee()->IgnoreParenCasts();
38: branch 2 taken
9: branch 3 taken
2451 47: if (CEE->getType().getNoReturnAttr()) {
2452 38: NoReturnEdge = true;
2453 38: HasFakeEdge = true;
9: branch 1 taken
0: branch 2 not taken
2454 9: } else if (DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(CEE)) {
2455 9: ValueDecl *VD = DRE->getDecl();
0: branch 1 not taken
9: branch 2 taken
2456 9: if (VD->hasAttr<NoReturnAttr>()) {
2457 0: NoReturnEdge = true;
2458 0: HasFakeEdge = true;
2459 : }
2460 : }
2461 : }
2462 : // FIXME: Add noreturn message sends.
50: branch 0 taken
38: branch 1 taken
2463 88: if (NoReturnEdge == false)
2464 50: HasPlainEdge = true;
2465 : }
3386: branch 0 taken
73: branch 1 taken
2466 3459: if (!HasPlainEdge) {
3294: branch 0 taken
92: branch 1 taken
2467 3386: if (HasLiveReturn)
2468 3294: return NeverFallThrough;
2469 92: return NeverFallThroughOrReturn;
2470 : }
73: branch 0 taken
0: branch 1 not taken
70: branch 2 taken
3: branch 3 taken
5: branch 4 taken
65: branch 5 taken
2471 73: if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn)
2472 8: return MaybeFallThrough;
2473 : // This says AlwaysFallThrough for calls to functions that are not marked
2474 : // noreturn, that don't return. If people would like this warning to be more
2475 : // accurate, such functions should be marked as noreturn.
2476 65: return AlwaysFallThrough;
2477 : }
2478 :
2479 : /// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a
2480 : /// function that should return a value. Check that we don't fall off the end
2481 : /// of a noreturn function. We assume that functions and blocks not marked
2482 : /// noreturn will return.
2483 : void Sema::CheckFallThroughForFunctionDef(Decl *D, Stmt *Body,
2484 9467: AnalysisContext &AC) {
2485 : // FIXME: Would be nice if we had a better way to control cascading errors,
2486 : // but for now, avoid them. The problem is that when Parse sees:
2487 : // int foo() { return a; }
2488 : // The return is eaten and the Sema code sees just:
2489 : // int foo() { }
2490 : // which this code would then warn about.
1878: branch 2 taken
7589: branch 3 taken
2491 9467: if (getDiagnostics().hasErrorOccurred())
2492 1878: return;
2493 :
2494 7589: bool ReturnsVoid = false;
2495 7589: bool HasNoReturn = false;
6736: branch 1 taken
853: branch 2 taken
2496 7589: if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
2497 : // For function templates, class templates and member function templates
2498 : // we'll do the analysis at instantiation time.
398: branch 1 taken
6338: branch 2 taken
2499 6736: if (FD->isDependentContext())
2500 398: return;
2501 :
3343: branch 3 taken
2995: branch 4 taken
2502 6338: if (FD->getResultType()->isVoidType())
2503 3343: ReturnsVoid = true;
6338: branch 1 taken
0: branch 2 not taken
8: branch 7 taken
6330: branch 8 taken
8: branch 9 taken
6330: branch 10 taken
2504 6338: if (FD->hasAttr<NoReturnAttr>() ||
2505 : FD->getType()->getAs<FunctionType>()->getNoReturnAttr())
2506 8: HasNoReturn = true;
853: branch 1 taken
0: branch 2 not taken
2507 853: } else if (ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
372: branch 3 taken
481: branch 4 taken
2508 853: if (MD->getResultType()->isVoidType())
2509 372: ReturnsVoid = true;
0: branch 1 not taken
853: branch 2 taken
2510 853: if (MD->hasAttr<NoReturnAttr>())
2511 0: HasNoReturn = true;
2512 : }
2513 :
2514 : // Short circuit for compilation speed.
7127: branch 1 taken
64: branch 2 taken
3710: branch 3 taken
3417: branch 4 taken
3712: branch 6 taken
62: branch 7 taken
3706: branch 8 taken
6: branch 9 taken
7: branch 11 taken
3761: branch 12 taken
0: branch 13 not taken
7: branch 14 taken
3761: branch 15 taken
3430: branch 16 taken
2515 7191: if ((Diags.getDiagnosticLevel(diag::warn_maybe_falloff_nonvoid_function)
2516 : == Diagnostic::Ignored || ReturnsVoid)
2517 : && (Diags.getDiagnosticLevel(diag::warn_noreturn_function_has_return_expr)
2518 : == Diagnostic::Ignored || !HasNoReturn)
2519 : && (Diags.getDiagnosticLevel(diag::warn_suggest_noreturn_block)
2520 : == Diagnostic::Ignored || !ReturnsVoid))
2521 3761: return;
2522 : // FIXME: Function try block
3430: branch 1 taken
0: branch 2 not taken
2523 3430: if (CompoundStmt *Compound = dyn_cast<CompoundStmt>(Body)) {
7: branch 1 taken
62: branch 2 taken
99: branch 3 taken
3262: branch 4 taken
2524 3430: switch (CheckFallThrough(AC)) {
2525 : case MaybeFallThrough:
0: branch 0 not taken
7: branch 1 taken
2526 7: if (HasNoReturn)
2527 0: Diag(Compound->getRBracLoc(), diag::warn_falloff_noreturn_function);
7: branch 0 taken
0: branch 1 not taken
2528 7: else if (!ReturnsVoid)
2529 7: Diag(Compound->getRBracLoc(),diag::warn_maybe_falloff_nonvoid_function);
2530 7: break;
2531 : case AlwaysFallThrough:
3: branch 0 taken
59: branch 1 taken
2532 62: if (HasNoReturn)
2533 3: Diag(Compound->getRBracLoc(), diag::warn_falloff_noreturn_function);
58: branch 0 taken
1: branch 1 taken
2534 59: else if (!ReturnsVoid)
2535 58: Diag(Compound->getRBracLoc(), diag::warn_falloff_nonvoid_function);
2536 62: break;
2537 : case NeverFallThroughOrReturn:
9: branch 0 taken
90: branch 1 taken
5: branch 2 taken
4: branch 3 taken
2538 99: if (ReturnsVoid && !HasNoReturn)
2539 5: Diag(Compound->getLBracLoc(), diag::warn_suggest_noreturn_function);
2540 : break;
2541 : case NeverFallThrough:
2542 : break;
2543 : }
2544 : }
2545 : }
2546 :
2547 : /// CheckFallThroughForBlock - Check that we don't fall off the end of a block
2548 : /// that should return a value. Check that we don't fall off the end of a
2549 : /// noreturn block. We assume that functions and blocks not marked noreturn
2550 : /// will return.
2551 : void Sema::CheckFallThroughForBlock(QualType BlockTy, Stmt *Body,
2552 260: AnalysisContext &AC) {
2553 : // FIXME: Would be nice if we had a better way to control cascading errors,
2554 : // but for now, avoid them. The problem is that when Parse sees:
2555 : // int foo() { return a; }
2556 : // The return is eaten and the Sema code sees just:
2557 : // int foo() { }
2558 : // which this code would then warn about.
76: branch 2 taken
184: branch 3 taken
2559 260: if (getDiagnostics().hasErrorOccurred())
2560 76: return;
2561 184: bool ReturnsVoid = false;
2562 184: bool HasNoReturn = false;
184: branch 4 taken
0: branch 5 not taken
2563 184: if (const FunctionType *FT =BlockTy->getPointeeType()->getAs<FunctionType>()){
150: branch 3 taken
34: branch 4 taken
2564 184: if (FT->getResultType()->isVoidType())
2565 150: ReturnsVoid = true;
1: branch 1 taken
183: branch 2 taken
2566 184: if (FT->getNoReturnAttr())
2567 1: HasNoReturn = true;
2568 : }
2569 :
2570 : // Short circuit for compilation speed.
150: branch 0 taken
34: branch 1 taken
149: branch 2 taken
1: branch 3 taken
2: branch 5 taken
147: branch 6 taken
0: branch 7 not taken
2: branch 8 taken
147: branch 9 taken
37: branch 10 taken
2571 184: if (ReturnsVoid
2572 : && !HasNoReturn
2573 : && (Diags.getDiagnosticLevel(diag::warn_suggest_noreturn_block)
2574 : == Diagnostic::Ignored || !ReturnsVoid))
2575 147: return;
2576 : // FIXME: Funtion try block
37: branch 1 taken
0: branch 2 not taken
2577 37: if (CompoundStmt *Compound = dyn_cast<CompoundStmt>(Body)) {
1: branch 1 taken
3: branch 2 taken
1: branch 3 taken
32: branch 4 taken
2578 37: switch (CheckFallThrough(AC)) {
2579 : case MaybeFallThrough:
0: branch 0 not taken
1: branch 1 taken
2580 1: if (HasNoReturn)
2581 0: Diag(Compound->getRBracLoc(), diag::err_noreturn_block_has_return_expr);
1: branch 0 taken
0: branch 1 not taken
2582 1: else if (!ReturnsVoid)
2583 1: Diag(Compound->getRBracLoc(), diag::err_maybe_falloff_nonvoid_block);
2584 1: break;
2585 : case AlwaysFallThrough:
1: branch 0 taken
2: branch 1 taken
2586 3: if (HasNoReturn)
2587 1: Diag(Compound->getRBracLoc(), diag::err_noreturn_block_has_return_expr);
1: branch 0 taken
1: branch 1 taken
2588 2: else if (!ReturnsVoid)
2589 1: Diag(Compound->getRBracLoc(), diag::err_falloff_nonvoid_block);
2590 3: break;
2591 : case NeverFallThroughOrReturn:
1: branch 0 taken
0: branch 1 not taken
2592 1: if (ReturnsVoid)
2593 1: Diag(Compound->getLBracLoc(), diag::warn_suggest_noreturn_block);
2594 : break;
2595 : case NeverFallThrough:
2596 : break;
2597 : }
2598 : }
2599 : }
2600 :
2601 : /// CheckParmsForFunctionDef - Check that the parameters of the given
2602 : /// function are appropriate for the definition of a function. This
2603 : /// takes care of any checks that cannot be performed on the
2604 : /// declaration itself, e.g., that the types of each of the function
2605 : /// parameters are complete.
2606 8765: bool Sema::CheckParmsForFunctionDef(FunctionDecl *FD) {
2607 8765: bool HasInvalidParm = false;
7259: branch 1 taken
8765: branch 2 taken
2608 16024: for (unsigned p = 0, NumParams = FD->getNumParams(); p < NumParams; ++p) {
2609 7259: ParmVarDecl *Param = FD->getParamDecl(p);
2610 :
2611 : // C99 6.7.5.3p4: the parameters in a parameter type list in a
2612 : // function declarator that is part of a function definition of
2613 : // that function shall not have incomplete type.
2614 : //
2615 : // This is also C++ [dcl.fct]p6.
7247: branch 1 taken
12: branch 2 taken
0: branch 10 not taken
7247: branch 11 taken
7247: branch 12 taken
12: branch 13 taken
7247: branch 15 taken
12: branch 16 taken
7247: branch 18 taken
12: branch 19 taken
0: branch 21 not taken
7259: branch 22 taken
2616 7259: if (!Param->isInvalidDecl() &&
2617 : RequireCompleteType(Param->getLocation(), Param->getType(),
2618 : diag::err_typecheck_decl_incomplete_type)) {
2619 0: Param->setInvalidDecl();
2620 0: HasInvalidParm = true;
2621 : }
2622 :
2623 : // C99 6.9.1p5: If the declarator includes a parameter type list, the
2624 : // declaration of each parameter shall include an identifier.
458: branch 1 taken
6801: branch 2 taken
455: branch 4 taken
3: branch 5 taken
3: branch 7 taken
452: branch 8 taken
3: branch 9 taken
7256: branch 10 taken
2625 7259: if (Param->getIdentifier() == 0 &&
2626 : !Param->isImplicit() &&
2627 : !getLangOptions().CPlusPlus)
2628 3: Diag(Param->getLocation(), diag::err_parameter_name_omitted);
2629 :
2630 : // C99 6.7.5.3p12:
2631 : // If the function declarator is not part of a definition of that
2632 : // function, parameters may have incomplete type and may use the [*]
2633 : // notation in their sequences of declarator specifiers to specify
2634 : // variable length array types.
2635 7259: QualType PType = Param->getOriginalType();
79: branch 1 taken
7180: branch 2 taken
2636 7259: if (const ArrayType *AT = Context.getAsArrayType(PType)) {
1: branch 1 taken
78: branch 2 taken
2637 79: if (AT->getSizeModifier() == ArrayType::Star) {
2638 : // FIXME: This diagnosic should point the the '[*]' if source-location
2639 : // information is added for it.
2640 1: Diag(Param->getLocation(), diag::err_array_star_in_function_definition);
2641 : }
2642 : }
2643 :
2979: branch 1 taken
4280: branch 2 taken
2644 7259: if (getLangOptions().CPlusPlus)
416: branch 3 taken
2563: branch 4 taken
2645 2979: if (const RecordType *RT = Param->getType()->getAs<RecordType>())
2646 416: FinalizeVarWithDestructor(Param, RT);
2647 : }
2648 :
2649 8765: return HasInvalidParm;
2650 0: }
Generated: 2010-02-10 01:31 by zcov